Date: Fri, 24 Jan 2014 02:38:24 +1000 From: Grant Murphy <gmurphy@...hat.com> To: oss-security@...ts.openwall.com Subject: [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130) OpenStack Security Advisory: 2014-003 CVE: CVE-2013-7130 Date: January 23, 2014 Title: Live migration can leak root disk into ephemeral storage Reporter: Loganathan Parthipan (HP) Products: Nova Affects: All supported versions Description: Loganathan Parthipan from Hewlett Packard reported a vulnerability in the Nova libvirt driver. By spawning a server with the same flavor as another user's migrated virtual machine, an authenticated user can potentially access that user's snapshot content resulting in information leakage. Only setups using KVM live block migration are affected. Icehouse (development branch) fix: https://review.openstack.org/#/c/68658/ Havana (development branch) fix: https://review.openstack.org/#/c/68659/ Grizzly fix: https://review.openstack.org/#/c/68660/ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130 https://bugs.launchpad.net/nova/+bug/1251590 -- Grant Murphy OpenStack Vulnerability Management Team Download attachment "signature.asc" of type "application/pgp-signature" (231 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ