Ubuntu 12.10 : quantum vulnerability (USN-2208-2)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update
provides the corresponding updates for OpenStack Quantum.

JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not
enforce SSL connections when Nova was configured to use QPid and
qpid_protocol is set to 'ssl'. If a remote attacker were able to
perform a man-in-the-middle attack, this flaw could be exploited to
view sensitive information. Ubuntu does not use QPid with Nova by
default.

Solution :

Update the affected python-quantum package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 73906 ()

Bugtraq ID:

CVE ID: CVE-2013-6491