CVE-2013-0208

Related Files

Red Hat Security Advisory 2013-0208-01

Posted Jan 31, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0208-01 - The openstack-nova packages provide OpenStack Compute, a cloud computing fabric controller. The openstack-nova packages have been upgraded to upstream version 2012.2.2, which provides a number of bug fixes over the previous version. This update also fixes the following security issues: It was found that the boot-from-volume feature in nova-volume did not correctly validate if the user attempting to boot an image was permitted to do so. An authenticated user could use this flaw to bypass intended restrictions, allowing them to boot images they would otherwise not have access to, exposing data stored in other users' images. This issue did not affect configurations using the Cinder block storage mechanism, which is the default in Red Hat OpenStack.

tags | advisory

systems | linux, redhat

advisories | CVE-2012-5625, CVE-2013-0208

SHA-256 | 5fd88f6598b40a559cd20867e3debfeaa0cd71227c88be7a409d9824869f3f9b

Download | Favorite | View

Ubuntu Security Notice USN-1709-1

Posted Jan 30, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1709-1 - Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes.

tags | advisory, arbitrary

systems | linux, ubuntu

advisories | CVE-2013-0208

SHA-256 | 5177923a98c6ac3d386d478932348341849cee8513897b5d2a3b5446af35bc08

Download | Favorite | View