The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands.Referenceshttp://secunia.com/advisories/49912http://secunia.com/advisories/49916http://www.eucalyptus.com/eucalyptus-cloud/security/esa-04
