CVE-2011-0730 - OpenCVE

Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Eucalyptus	Eucalyptus

Configuration 1 [-]

OR	cpe:2.3:a:eucalyptus:eucalyptus:::::enterprise:::*
	cpe:2.3:a:eucalyptus:eucalyptus::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*

No data.

References

Link	Providers
http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz
http://open.eucalyptus.com/wiki/esa-02
http://secunia.com/advisories/44705
http://www.securityfocus.com/bid/48000
http://www.ubuntu.com/usn/USN-1137-1
https://bugs.launchpad.net/bugs/746101
https://exchange.xforce.ibmcloud.com/vulnerabilities/67670
https://launchpad.net/ubuntu/+source/eucalyptus/+changelog

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2011-06-02T19:00:00

Updated: 2024-08-06T22:05:53.358Z

Reserved: 2011-02-01T00:00:00

Link: CVE-2011-0730

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2011-06-02T19:55:03.777

Modified: 2018-11-29T15:49:25.040

Link: CVE-2011-0730

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-05-25T00:00:00", "descriptions": [{"lang": "en", "value": "Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an \"XML Signature Element Wrapping\" or a \"SOAP signature replay\" issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://open.eucalyptus.com/wiki/esa-02"}, {"name": "44705", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44705"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz"}, {"name": "eucalyptus-soap-command-execution(67670)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67670"}, {"name": "USN-1137-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1137-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/bugs/746101"}, {"name": "48000", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48000"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/ubuntu/+source/eucalyptus/+changelog"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2011-0730", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an \"XML Signature Element Wrapping\" or a \"SOAP signature replay\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://open.eucalyptus.com/wiki/esa-02", "refsource": "CONFIRM", "url": "http://open.eucalyptus.com/wiki/esa-02"}, {"name": "44705", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44705"}, {"name": "http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz", "refsource": "CONFIRM", "url": "http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz"}, {"name": "eucalyptus-soap-command-execution(67670)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67670"}, {"name": "USN-1137-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1137-1"}, {"name": "https://bugs.launchpad.net/bugs/746101", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/bugs/746101"}, {"name": "48000", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48000"}, {"name": "https://launchpad.net/ubuntu/+source/eucalyptus/+changelog", "refsource": "CONFIRM", "url": "https://launchpad.net/ubuntu/+source/eucalyptus/+changelog"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:05:53.358Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://open.eucalyptus.com/wiki/esa-02"}, {"name": "44705", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44705"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz"}, {"name": "eucalyptus-soap-command-execution(67670)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67670"}, {"name": "USN-1137-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1137-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/bugs/746101"}, {"name": "48000", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48000"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/ubuntu/+source/eucalyptus/+changelog"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2011-0730", "datePublished": "2011-06-02T19:00:00", "dateReserved": "2011-02-01T00:00:00", "dateUpdated": "2024-08-06T22:05:53.358Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A94FA99D-6188-40C7-AD8E-EC420DADAAFE", "versionEndExcluding": "2.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CA849DA-7502-4678-AF63-ED646B1A2D13", "versionEndExcluding": "2.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an \"XML Signature Element Wrapping\" or a \"SOAP signature replay\" issue."}, {"lang": "es", "value": "Eucalyptus antes de v2.0.3 y Eucalyptus EE antes de v2.0.2, tal como se utilizan en Ubuntu Enterprise Cloud (UEC) y otros productos, no interpretan correctamente los elementos firmado en las peticiones SOAP, lo que permite ejecutar comandos arbitrarios a atacantes \"man-in-the-middle\" mediante la modificaci\u00f3n de una solicitud. Modificaci\u00f3n relacionada con una \"el embalaje de elementos de firma XML\" o una \"reproducci\u00f3n de firma SOAP\"."}], "id": "CVE-2011-0730", "lastModified": "2018-11-29T15:49:25.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-06-02T19:55:03.777", "references": [{"source": "security@ubuntu.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://launchpadlibrarian.net/72472626/eucalyptus_2.0.1%2Bbzr1256-0ubuntu5_2.0.1%2Bbzr1256-0ubuntu6.diff.gz"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "http://open.eucalyptus.com/wiki/esa-02"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44705"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/48000"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1137-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://bugs.launchpad.net/bugs/746101"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67670"}, {"source": "security@ubuntu.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://launchpad.net/ubuntu/+source/eucalyptus/+changelog"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}