Nova live snapshots use an insecure local directory

2014.01.13
Risk: High
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 3.3/10
Impact Subscore: 4.9/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

OpenStack Security Advisory: 2014-001 CVE: CVE-2013-7048 Date: January 13, 2013 Title: Nova live snapshots use an insecure local directory Reporter: Daniel Berrange (Red Hat) Products: Nova Affects: Grizzly and later Description: Daniel Berrange from Red Hat reported that the directories used to temporarily store live snapshots on Nova compute nodes were writable to all local users. A local attacker with shell access on compute nodes could therefore read and modify the contents of live snapshots before those are uploaded to the image service. Icehouse (development branch) fix: https://review.openstack.org/#/c/58852/ Havana fix: https://review.openstack.org/#/c/60548/ Grizzly fix: https://review.openstack.org/#/c/60550/ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048 https://bugs.launchpad.net/nova/+bug/1227027 Regards, -- Thierry Carrez OpenStack Vulnerability Management Team

References:

https://review.openstack.org/#/c/58852/
https://review.openstack.org/#/c/60548/
https://review.openstack.org/#/c/60550/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top