CVE-2013-7130

Sažetak

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html
http://osvdb.org/102416
http://rhn.redhat.com/errata/RHSA-2014-0231.html
http://secunia.com/advisories/56450
http://www.openwall.com/lists/oss-security/2014/01/23/5
http://www.securityfocus.com/bid/65106
http://www.ubuntu.com/usn/USN-2247-1
https://bugs.launchpad.net/nova/+bug/1251590
https://exchange.xforce.ibmcloud.com/vulnerabilities/90652
https://review.openstack.org/#/c/68658/
https://review.openstack.org/#/c/68659/
https://review.openstack.org/#/c/68660/

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:34

Objavljeno

06-02-2014 - 17:00