Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.0
CVE Id: CVE-2013-0335
Last Modified: 04 Jun 2013 11:40:45
Published: 22 Mar 2013 05:55:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2013-0335

Summary

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 12.10

Application

  • OpenStack Essex 2012.1

  • OpenStack Folsom 2012.2

  • OpenStack Grizzly 2012.2


References

CONFIRM - https://review.openstack.org/#/c/22872/

CONFIRM - https://review.openstack.org/#/c/22758

CONFIRM - https://review.openstack.org/#/c/22086/

CONFIRM - https://bugs.launchpad.net/nova/+bug/1125378

UBUNTU - USN-1771-1

OSVDB - 90657

MLIST - [oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)

SECUNIA - 52728

SECUNIA - 52337

REDHAT - RHSA-2013:0709


Last Updated: 27 May 2016 11:02:11