Critical vulnerability in open source Eucalyptus clouds
Researchers at the Ruhr-University Bochum have discovered a critical vulnerability in Eucalyptus, an open source implementation of the Amazon EC2 cloud APIs. An attacker can, with access to the network traffic, intercept Eucalyptus SOAP commands and either modify them or issue their own arbitrary commands. To achieve this, the attacker needs only to copy the signature from one of the XML packets sent by Eucalyptus to the user. As Eucalyptus did not properly validate SOAP requests, the attacker could use the copy in their own commands sent to the SOAP interface and have them executed as the authenticated user.
All versions up to and including 2.0.2 are vulnerable; a fixed version, 2.0.3, is available to download. Ubuntu's Eucalyptus-based Ubuntu Enterprise Cloud (UEC) is also vulnerable; updates for Ubuntu 10.04 LTS, 10.10 and 11.04 are already available in Canonical's repositories. Eucalyptus does note that the changes made to close the holes may lead to some existing tools failing to work as the system will interpret them as a replay attack if they issue commands too rapidly.