Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 13 Jan 2014 14:44:51 +0100
From: Thierry Carrez <>
To: Open Source Security <>
Subject: [OSSA 2014-001] Nova live snapshots use an insecure local directory

OpenStack Security Advisory: 2014-001
CVE: CVE-2013-7048
Date: January 13, 2013
Title: Nova live snapshots use an insecure local directory
Reporter: Daniel Berrange (Red Hat)
Products: Nova
Affects: Grizzly and later

Daniel Berrange from Red Hat reported that the directories used to
temporarily store live snapshots on Nova compute nodes were writable to
all local users. A local attacker with shell access on compute nodes
could therefore read and modify the contents of live snapshots before
those are uploaded to the image service.

Icehouse (development branch) fix:

Havana fix:

Grizzly fix:



Thierry Carrez
OpenStack Vulnerability Management Team

Download attachment "signature.asc" of type "application/pgp-signature" (902 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ