CVE-2013-7130 – nova: Live migration can leak root disk into ephemeral storage
https://notcve.org/view.php?id=CVE-2013-7130
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. El método i_create_images_and_backing (también conocido como create_images_and_backing) en el driver libvirt en OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, cuando hace uso de un bloque de migración KVM en vivo, no crea debidamente todos los archivos esperados, lo que permite a atacantes obtener contenido de una instantánea del disco raíz de otros usuarios a través del almacenamiento efímero. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html http://osvdb.org/102416 http://rhn.redhat.com/errata/RHSA-2014-0231.html http://secunia.com/advisories/56450 http://www.openwall.com/lists/oss-security/2014/01/23/5 http://www.securityfocus.com/bid/65106 http://www.ubuntu.com/usn/USN-2247-1 https://bugs.launchpad.net/nova/+bug/1251590 https://exchange.xfo • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4463 – Nova: Compressed disk image DoS
https://notcve.org/view.php?id=CVE-2013-4463
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. OpenStack Compute (Nova) Folsom, Grizzly y Havana no verifican debidamente el tamaño virtual de una imagen QCOW2, lo que permite a usuarios locales causar un denegación de servicio (consumo de disco del sistema de archivos host) a través de una imagen QCOW2 comprimida. NOTA: este problema es debido a una solución incompleta en CVE-2013-2096. • http://rhn.redhat.com/errata/RHSA-2014-0112.html http://www.openwall.com/lists/oss-security/2013/10/31/3 http://www.ubuntu.com/usn/USN-2247-1 https://bugs.launchpad.net/nova/+bug/1206081 https://access.redhat.com/security/cve/CVE-2013-4463 https://bugzilla.redhat.com/show_bug.cgi?id=1023239 • CWE-399: Resource Management Errors •
CVE-2013-2030
https://notcve.org/view.php?id=CVE-2013-2030
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. keystone/middleware/auth_token.py en OpenStack Nova Folsom, Grizzly, y Havana, utiliza un directorio temporal inseguro para almacenar certificados de firma, lo cual permite a usuarios locales impersonar servidores mediante la creación previa de este directorio, que es reutilizado por Nova, como se muestra utilizando /tmp/keystone-signing-nova en Fedora. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html http://www.openwall.com/lists/oss-security/2013/05/09/2 https://bugs.launchpad.net/nova/+bug/1174608 https://bugzilla.redhat.com/show_bug.cgi?id=958285 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4497 – openstack-nova: XenAPI security groups not kept through migrate or resize
https://notcve.org/view.php?id=CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. El backend XenAPI en OpenStack Compute (Nova) Folsom, Grizzly, y Habana anterior a 2013.2 no se aplica correctamente los grupos de seguridad (1) al cambiar el tamaño de una imagen o (2) durante la migración en tiempo real, lo que permite a atacantes remotos evitar las restricciones previstas. • http://www.openwall.com/lists/oss-security/2013/11/03/2 http://www.openwall.com/lists/oss-security/2013/11/03/3 https://bugs.launchpad.net/nova/+bug/1073306 https://bugs.launchpad.net/nova/+bug/1202266 https://access.redhat.com/security/cve/CVE-2013-4497 https://bugzilla.redhat.com/show_bug.cgi?id=1026171 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4477 – openstack-keystone: unintentional role granting with Keystone LDAP backend
https://notcve.org/view.php?id=CVE-2013-4477
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges. El backend LDAP en OpenStack Identity (Keystone) Grizzly y Habana, cuando al retirar un rol de un inquilino para un usuario que no tiene esa función, añade el role al usuario, lo que permite a usuarios locales conseguir privilegios. • http://rhn.redhat.com/errata/RHSA-2014-0113.html http://www.openwall.com/lists/oss-security/2013/10/30/6 http://www.ubuntu.com/usn/USN-2034-1 https://bugs.launchpad.net/keystone/+bug/1242855 https://access.redhat.com/security/cve/CVE-2013-4477 https://bugzilla.redhat.com/show_bug.cgi?id=1024401 • CWE-264: Permissions, Privileges, and Access Controls •