Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 24 Jan 2014 02:38:24 +1000
From: Grant Murphy <gmurphy@...hat.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-003] Live migration can leak root disk into ephemeral
 storage (CVE-2013-7130)

OpenStack Security Advisory: 2014-003
CVE: CVE-2013-7130
Date: January 23, 2014

Title: Live migration can leak root disk into ephemeral storage
Reporter: Loganathan Parthipan (HP)
Products: Nova
Affects: All supported versions

Description:
Loganathan Parthipan from Hewlett Packard reported a vulnerability in
the Nova libvirt driver. By spawning a server with the same flavor as
another user's migrated virtual machine, an authenticated user can
potentially access that user's snapshot content resulting in information
leakage. Only setups using KVM live block migration are affected.


Icehouse (development branch) fix:
https://review.openstack.org/#/c/68658/

Havana (development branch) fix:
https://review.openstack.org/#/c/68659/

Grizzly fix:
https://review.openstack.org/#/c/68660/


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7130
https://bugs.launchpad.net/nova/+bug/1251590

-- 
Grant Murphy
OpenStack Vulnerability Management Team

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ