[OSSA 2014-001] Nova live snapshots use an insecure local directory (CVE-2013-7048)
OpenStack Security Advisory: 2014-001 CVE: CVE-2013-7048 Date: January 13, 2013 Title: Nova live snapshots use an insecure local directory Reporter: Daniel Berrange (Red Hat) Products: Nova Affects: Grizzly and later Description: Daniel Berrange from Red Hat reported that the directories used to temporarily store live snapshots on Nova compute nodes were writable to all local users. A local attacker with shell access on compute nodes could therefore read and modify the contents of live snapshots before those are uploaded to the image service. Icehouse (development branch) fix: https://review.openstack.org/#/c/58852/ Havana fix: https://review.openstack.org/#/c/60548/ Grizzly fix: https://review.openstack.org/#/c/60550/ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048 https://bugs.launchpad.net/nova/+bug/1227027 Regards, -- Thierry Carrez OpenStack Vulnerability Management Team
participants (1)
-
Thierry Carrez