exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2012-5625

Status Candidate

Overview

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

Related Files

Red Hat Security Advisory 2013-0208-01
Posted Jan 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0208-01 - The openstack-nova packages provide OpenStack Compute, a cloud computing fabric controller. The openstack-nova packages have been upgraded to upstream version 2012.2.2, which provides a number of bug fixes over the previous version. This update also fixes the following security issues: It was found that the boot-from-volume feature in nova-volume did not correctly validate if the user attempting to boot an image was permitted to do so. An authenticated user could use this flaw to bypass intended restrictions, allowing them to boot images they would otherwise not have access to, exposing data stored in other users' images. This issue did not affect configurations using the Cinder block storage mechanism, which is the default in Red Hat OpenStack.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-5625, CVE-2013-0208
SHA-256 | 5fd88f6598b40a559cd20867e3debfeaa0cd71227c88be7a409d9824869f3f9b
Ubuntu Security Notice USN-1663-1
Posted Dec 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1663-1 - Eric Windisch discovered that Nova did not properly clear LVM-backed images before they were reallocated which could potentially lead to an information leak. This issue only affected setups using libvirt LVM-backed instances.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-5625
SHA-256 | 47552d961cb7420e227e0d7f341bfa33241e9daa98c95fecf923a48db77bb204
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close