PT-2014-3492 · Red Hat+2 · Libvirt+2

Stanislaw Pitucha

Publicado

2014-05-08

Atualizado

2022-05-17

CVE-2014-0134

CVSS v2.0

3.5

Baixa

Vetor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions 2013.2 through 2013.2.2 OpenStack Compute (Nova) versions prior to 2014.1 in the Icehouse release

Description The issue allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image when using libvirt to spawn images and use cow images is set to false.

Recommendations For OpenStack Compute (Nova) versions 2013.2 through 2013.2.2, update to version 2013.2.3 or later. For OpenStack Compute (Nova) versions prior to 2014.1 in the Icehouse release, update to version 2014.1 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2014-0134

GHSA-W429-XC55-HC48

PYSEC-2014-112

RHSA-2014:0578

USN-2247-1

Produtos afetados

Openstack Compute

Ubuntu

Libvirt

PT-2014-3492 · Red Hat+2 · Libvirt+2

CVE-2014-0134

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 23