|
Message-ID: <533460E6.6030009@enovance.com>
Date: Thu, 27 Mar 2014 18:33:26 +0100
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-009] Nova host data leak to vm instance in rescue mode
(CVE-2014-0134)
OpenStack Security Advisory: 2014-009
CVE: CVE-2014-0134
Date: March 27, 2014
Title: Nova host data leak to vm instance in rescue mode.
Reporter: Stanislaw Pitucha (HP)
Products: Nova
Versions: 2013.2 versions up to 2013.2.2
Description:
Stanislaw Pitucha from Hewlett Packard reported a vulnerability in the
Nova instance rescue mode. By overwriting the disk inside an instance
with a malicious image and switching the instance to rescue mode, an
authenticated user would be able to leak an arbitrary file from the
compute host to the virtual instance. Note that the host file must be
readable by the libvirt/kvm context to be exposed. Only setups using
libvirt to spawn instance, and having "use_cow_images = False" in Nova
configuration are affected.
Icehouse (development branch) fix:
https://review.openstack.org/82840
Havana fix:
https://review.openstack.org/82841
Notes:
This fix will be included in the icehouse-rc1 development milestone and
in a future 2013.2.3 release.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134
https://launchpad.net/bugs/1221190
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
Download attachment "signature.asc" of type "application/pgp-signature" (556 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.