Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0134

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-0134
Last Modified 21 Jun 2014 12:38:06
Published 08 May 2014 10:29:13
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-0134

Summary

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

Vulnerable Systems

Application

  • Openstack Compute 2013.2

  • Openstack Compute 2013.2.1

  • Openstack Compute 2013.2.2


References

CONFIRM - https://bugs.launchpad.net/nova/+bug/1221190

MLIST - [oss-security] 20140327 [OSSA 2014-009] Nova host data leak to vm instance in rescue mode (CVE-2014-0134)

UBUNTU - USN-2247-1


Last Updated: 27 May 2016 11:05:36