CVE-2013-7048
Published: 23 January 2014
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.
Priority
Status
Package | Release | Status |
---|---|---|
nova | Upstream | Needs triage |
nova | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (1:2014.1~b3-0ubuntu2) |

Patches:
- Upstream: https://git.openstack.org/cgit/openstack/nova/commit/?id=8a34fc3d48c467aa196f65eed444ccdc7c02f19f (master)
- Upstream: https://git.openstack.org/cgit/openstack/nova/commit/?id=75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d (havana)
- Upstream: https://git.openstack.org/cgit/openstack/nova/commit/?id=9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa (grizzly)
Notes
Author | Note |
---|---|
mdeslaur | OSSA 2014-001 |
jdstrand | affected code introduced in grizzly (Ubuntu 13.04); requires shell access on the compute node |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048
- http://lists.openstack.org/pipermail/openstack-announce/2014-January/000184.html
- NVD
- Launchpad
- Debian