[OSSA 2014-001] Nova live snapshots use an insecure local directory (CVE-2013-7048)
OpenStack Security Advisory: 2014-001 CVE: CVE-2013-7048 Date: January 13, 2013 Title: Nova live snapshots use an insecure local directory Reporter: Daniel Berrange (Red Hat) Products: Nova Affects: Grizzly and later
Description: Daniel Berrange from Red Hat reported that the directories used to temporarily store live snapshots on Nova compute nodes were writable to all local users. A local attacker with shell access on compute nodes could therefore read and modify the contents of live snapshots before those are uploaded to the image service.
Icehouse (development branch) fix: https://review.openstack.org/#/c/58852/
Havana fix: https://review.openstack.org/#/c/60548/
Grizzly fix: https://review.openstack.org/#/c/60550/
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048 https://bugs.launchpad.net/nova/+bug/1227027
Regards,
participants (1)
-
Thierry Carrez