USN-1137-1: Eucalyptus vulnerability
26 May 2011
An attacker could send crafted input to Eucalyptus to run commands as a valid user.
Juraj Somorovsky, Jorg Schwenk, Meiko Jensen and Xiaofeng Lou discovered
that Eucalyptus did not properly validate SOAP requests. An unauthenticated
remote attacker could exploit this to submit arbitrary commands to the
Eucalyptus SOAP interface in the context of an authenticated user.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.