Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5625

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5625
Last Modified 15 Feb 2013 12:04:25
Published 26 Dec 2012 05:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5625

Summary

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

Vulnerable Systems

Application

  • Openstack Folsom 2012.2

  • Openstack Grizzly -


References

CONFIRM - https://launchpad.net/nova/folsom/2012.2.2

CONFIRM - https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354

CONFIRM - https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f

CONFIRM - https://bugs.launchpad.net/nova/+bug/1070539

UBUNTU - USN-1663-1

BID - 56904

MLIST - [oss-security] 20121211 [OSSA 2012-020] Information leak in libvirt LVM-backed instances (CVE-2012-5625)

OSVDB - 88419

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=884293

REDHAT - RHSA-2013:0208


Last Updated: 27 May 2016 11:01:52