Showing 1 - 3 of 3

CVE-2014-3641

Status Candidate

Overview

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

Related Files

Ubuntu Security Notice USN-2405-1: Posted Nov 11, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2405-1 - Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. Amrith Kumar discovered that OpenStack Cinder did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Cinder log files could obtain access to sensitive information. Various other issues were also addressed.; tags | advisory, remote, local; systems | linux, ubuntu; advisories | CVE-2014-3641, CVE-2014-7230; SHA-256 | 093befa060a0a74d20668cc4dd13401ce693514f81089d91ae807f5c8f629ff9; Download | Favorite | View

Red Hat Security Advisory 2014-1788-01: Posted Nov 3, 2014; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2014-1788-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage's API. A flaw was found in the GlusterFS and Linux smbfs drivers for OpenStack Block Storage. A remote attacker could use this flaw to disclose an arbitrary file from the cinder-volume host to a virtual instance by cloning and attaching a volume with a malicious qcow2 header.; tags | advisory, remote, arbitrary, local; systems | linux, redhat; advisories | CVE-2014-3641; SHA-256 | 1f14178bc37fd354256e2af3191fa9407b3978bf2f2dae562fcc7b281f85e162; Download | Favorite | View

Red Hat Security Advisory 2014-1787-01: Posted Nov 3, 2014; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2014-1787-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage’s API. A flaw was found in the GlusterFS and Linux smbfs drivers for OpenStack Block Storage. A remote attacker could use this flaw to disclose an arbitrary file from the cinder-volume host to a virtual instance by cloning and attaching a volume with a malicious qcow2 header.; tags | advisory, remote, arbitrary, local; systems | linux, redhat; advisories | CVE-2014-3641; SHA-256 | 97313a1b7d5ecdbf88f466667622cfd15d86f638e73c205a71940c83708b2a62; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 136 files
Jay Turla 111 files
Ubuntu 63 files
Gentoo 33 files
Debian 27 files
sinn3r 23 files
h00die 23 files
Pedro Ribeiro 21 files
juan vazquez 18 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (377)
CentOS (58)
Cisco (1,944)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (386)
iPhone (108)
IRIX (220)
Juniper (70)
Linux (50,966)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,661)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,788)
UNIX (9,443)
UnixWare (187)
Windows (6,732)
Other

CVE-2014-3641

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems