Your submission was sent successfully! Close

CVE-2014-3517

Published: 7 August 2014

api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.

Priority

Medium

Status

Package Release Status
nova
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable

trusty Does not exist
(trusty was released [1:2014.1.2-0ubuntu1])
upstream
Released (2014.1.1-8,2014.1.2)
Patches:
upstream: https://review.openstack.org/107396 (juno)
upstream: https://review.openstack.org/#/c/107397/ (icehouse)