ShapeBlue Security Advisory for CVE-2022-35741: XXE vulnerability in SAML 2.0 Service Provider Plugin for CloudStack

18 July 2022 13:30 UTC. Versions Affected: Any version of Apache CloudStack >= 4.5 (including currently supported versions: 4.16.0, 4.16.1, 4.17). Scope: Any Apache CloudStack (affected versions) environments that have the SAML plugin enabled. Summary: Apache CloudStack enables authentication through SAML 2.0 by providing a SAML 2.0 Service Provider Plugin. This plugin is disabled by […]

ShapeBlue Advisory on Libvirt 8+ Compatibility Issues with CloudStack

Overview As of the 4.15 release, CloudStack has supported various EL8 operating systems / hypervisors, namely RHEL 8, CentOS 8, Rocky Linux 8 (and in theory – as of CloudStack 4.16 – all other EL8 variants including e.g. Alma Linux 8) – for both management servers and hypervisors. Similarly, support for Ubuntu 20.04 was added […]

Machine Learning and Apache CloudStack | Case Studies

Introduction In this blog we discuss applications of machine learning (ML) in datacenters and how that might integrate with Apache CloudStack (ACS). We also try to identify various places in the lifecycle of datacentres where such tools can be helpful. With any datacentre deployment, the primary goal is to achieve efficient resource provisioning whilst also […]

ShapeBlue Security Advisory – Spectre and Meltdown patches in CloudStack 4.9 and 4.11

Overview At the beginning of 2018 a number of vulnerabilities were discovered which allow malicious user space processes to read kernel memory and malicious code in VM guests to read hypervisor memory. These vulnerabilities affect most CPU manufacturers – Intel, AMD, ARM, MIPS, etc. The vulnerabilities were nicknamed “Spectre” and “Meltdown” and are outlined in […]

ShapeBlue Security Advisory – DNSMasq Vulnerabilities

A number of security flaws were recently found in the DNSMasq tool. This tool is used by many systems to provide DNS and DHCP services, including by the CloudStack System VMs.
This advisory explains their effect on CloudStack and how to patch CloudStack against these flaws.

Migration away from download.cloud.com to download.cloudstack.org may cause problems in existing CloudStack installations and versions

Background: CloudStack relies on a fixed download site when it fetches the built-in guest VM templates. That download site has historically been download.cloud.com and is being replaced by download.cloudstack.org. Download.cloudstack.org is now fully functional. The retirement date of download.cloud.com is unknown but expected to be imminent. The issue & behaviour: After the retirement of download.cloud.com, […]

Shapeblue Security Advisory For CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability

Overview Apache CloudStack contains an authentication module providing “single sign-on” functionality via the SAML data format. Under certain conditions, a user could manage to access the user interface without providing proper credentials. As the SAML plugin is disabled by default, this issue only affects installations that have enabled and use SAML-based authentication. Mitigation: Users of […]

Shapeblue Security Advisory for CVE-2015-0235, aka the Ghost vulnerability

Overview: A vulnerability has been recently disclosed by Qualys that could result in a remote attacker being able to execute malicious instructions on vulnerable systems. The vulnerability affects Linux based operating systems. This is better known as the GHOST ‘glibc’ vulnerability (CVE-2015-0235): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235 What is ShapeBlue Doing? ShapeBlue has analysed the impact of this issue on Apache CloudStack (ACS). The […]

Retirement of the realhostip.com Service

The realhostip.com service will be switched off on the 1st October 2014. Paul Angus looks at what it did, what effect the retirement will have and what you need to do to carry on working if you’re affected. What is realhostip.com? When you connect to the Console Proxy system VM or download a disk or […]

Apache CloudStack enables existing VMware users and gives an easy way for service providers to migrate to a fully open-source solution and eliminate vendor dependency.