| 2009-11-11 16:53:19 |
Nick Barcet |
bug |
|
|
added bug |
| 2009-11-11 16:53:56 |
Nick Barcet |
bug task added |
|
eucalyptus |
|
| 2009-11-11 16:57:35 |
Nick Barcet |
description |
It seems to be a security issue that Eucalyptus does not allow API connection to happen over and encrypted connection. Currently API calls occur over http on port 8773. As they carry QueryID/SecretKey in clear, anyone that can sniff the network can gain admin privileges on eucalyptus.
As a side effect, in order for landscape to manage a UEC setup, the following ugly workaround needs to be applied https://help.ubuntu.com/community/UEC/Landscape |
It seems to be a security issue that Eucalyptus does not allow API connection to happen over an encrypted connection. Currently API calls occur over http on port 8773. As they carry QueryID/SecretKey in clear, anyone that can sniff the network can gain admin privileges on eucalyptus.
As a side effect, in order for landscape to manage a UEC setup, the following ugly workaround needs to be applied https://help.ubuntu.com/community/UEC/Landscape
|
|
| 2009-11-13 14:32:27 |
Thierry Carrez |
eucalyptus (Ubuntu): importance |
Undecided |
High |
|
| 2009-11-15 17:59:36 |
Kees Cook |
eucalyptus (Ubuntu): status |
New |
Incomplete |
|
| 2009-11-16 16:39:47 |
Dustin Kirkland |
visibility |
private |
public |
|
| 2009-11-17 01:08:42 |
chris grzegorczyk |
eucalyptus: assignee |
|
chris grzegorczyk (chris-grze) |
|
| 2009-11-17 01:08:47 |
chris grzegorczyk |
eucalyptus: importance |
Undecided |
Medium |
|
| 2009-11-17 01:08:52 |
chris grzegorczyk |
eucalyptus: status |
New |
In Progress |
|
| 2009-11-17 16:48:02 |
chris grzegorczyk |
eucalyptus: status |
In Progress |
Fix Committed |
|
| 2009-12-01 21:25:46 |
Dustin Kirkland |
eucalyptus (Ubuntu): status |
Incomplete |
In Progress |
|
| 2009-12-01 21:26:00 |
Dustin Kirkland |
eucalyptus (Ubuntu): assignee |
|
Dustin Kirkland (kirkland) |
|
| 2009-12-01 21:42:10 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-core-dev/eucalyptus/ubuntu |
|
| 2009-12-02 03:15:09 |
Launchpad Janitor |
eucalyptus (Ubuntu): status |
In Progress |
Fix Released |
|
| 2009-12-02 04:07:10 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/eucalyptus |
|
| 2011-10-19 16:46:29 |
Jamie Strandboge |
removed subscriber Ubuntu Security Team |
|
|
|
| 2011-11-22 21:17:43 |
graziano obertelli |
eucalyptus: status |
Fix Committed |
Fix Released |
|
