Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0134


Vulnerability Score 3.5 3.5
CVE Id CVE-2014-0134
Last Modified 21 Jun 2014 12:38:06
Published 08 May 2014 10:29:13
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE



The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

Vulnerable Systems


  • Openstack Compute 2013.2

  • Openstack Compute 2013.2.1

  • Openstack Compute 2013.2.2



MLIST - [oss-security] 20140327 [OSSA 2014-009] Nova host data leak to vm instance in rescue mode (CVE-2014-0134)

UBUNTU - USN-2247-1

Last Updated: 27 May 2016 11:05:36