Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-7048

Published: 23 January 2014

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

Notes

AuthorNote
mdeslaur
OSSA 2014-001
jdstrand
affected code introduced in grizzly (Ubuntu 13.04)
requires shell access on the compute node

Priority

Low

Status

Package Release Status
nova
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable
(code-not-present)
quantal Not vulnerable
(code-not-present)
raring Ignored
(end of life)
saucy Not vulnerable
(1:2013.2.2-0ubuntu1)
upstream Needs triage

Patches:
upstream: https://git.openstack.org/cgit/openstack/nova/commit/?id=8a34fc3d48c467aa196f65eed444ccdc7c02f19f (master)
upstream: https://git.openstack.org/cgit/openstack/nova/commit/?id=75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d (havana)
upstream: https://git.openstack.org/cgit/openstack/nova/commit/?id=9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa (grizzly)