CVE-2012-4501 : Critical vulnerability warned in Cloudstack
Oct 09, 2012
Citrix and the Apache Software Foundation have alerted users to a critical vulnerability in the CloudStack open source cloud infrastructure management software. The vulnerability affects all versions of Cloudstack prior to October 7, including the Citrix commercial version. Vulnerability could allow an attacker to take a number of unwanted actions, including deleting all of the virtual machines on a system. There are no known exploits at this time, Details of the issue were disclosed on Sunday. Cloudstack is one of the largest open source cloud infrastructure management systems together with OpenStack and Eucalyptus. Mitigation against the vulnerability is possible by logging into the Cloudstack MySQL database, disabling the system user and setting a random password. " The CloudStack PPMC was notified of a configuration vulnerability that exists in development versions of the Apache Incubated CloudStack project. This vulnerability allows a malicious user to execut...
