Regarding the attack vector via memcache mentioned in comment #1, AFAIK every local user has access to memcached because there is not authC in place to stop her/him.
I am not that familiar with the openstack architecture, so...
- Where does the memcached run exactly?
- And does it only listen to 127.0.0.1?
Regarding the attack vector via memcache mentioned in comment #1, AFAIK every local user has access to memcached because there is not authC in place to stop her/him.
I am not that familiar with the openstack architecture, so...
- Where does the memcached run exactly?
- And does it only listen to 127.0.0.1?