===========================================================
Ubuntu Security Notice USN-1033-1 December 16, 2010
eucalyptus vulnerability
CVE-2010-3905
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
eucalyptus-java-common 2.0+bzr1241-0ubuntu4.1

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Eucalyptus did not verify password resets from
the Admin UI correctly. An unauthenticated remote attacker could issue
password reset requests to gain admin privileges in the Eucalyptus
environment.