|
Message-ID: <1390495104.8188.18.camel@lappy>
Date: Fri, 24 Jan 2014 02:38:24 +1000
From: Grant Murphy <gmurphy@...hat.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-003] Live migration can leak root disk into ephemeral
storage (CVE-2013-7130)
OpenStack Security Advisory: 2014-003
CVE: CVE-2013-7130
Date: January 23, 2014
Title: Live migration can leak root disk into ephemeral storage
Reporter: Loganathan Parthipan (HP)
Products: Nova
Affects: All supported versions
Description:
Loganathan Parthipan from Hewlett Packard reported a vulnerability in
the Nova libvirt driver. By spawning a server with the same flavor as
another user's migrated virtual machine, an authenticated user can
potentially access that user's snapshot content resulting in information
leakage. Only setups using KVM live block migration are affected.
Icehouse (development branch) fix:
https://review.openstack.org/#/c/68658/
Havana (development branch) fix:
https://review.openstack.org/#/c/68659/
Grizzly fix:
https://review.openstack.org/#/c/68660/
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130
https://bugs.launchpad.net/nova/+bug/1251590
--
Grant Murphy
OpenStack Vulnerability Management Team
Download attachment "signature.asc" of type "application/pgp-signature" (231 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.