CVE-2017-18191

Sažetak

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.

Reference

http://openwall.com/lists/oss-security/2018/04/20/3
http://www.securityfocus.com/bid/103104
https://access.redhat.com/errata/RHSA-2018:2332
https://access.redhat.com/errata/RHSA-2018:2714
https://access.redhat.com/errata/RHSA-2018:2855
https://launchpad.net/bugs/1739593
https://review.openstack.org/539893
https://security.openstack.org/ossa/OSSA-2018-001.html

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

03-10-2019 - 00:03

Objavljeno

19-02-2018 - 17:29