OSSA-2014-001: Nova live snapshots use an insecure local directory

OSSA-2014-001: Nova live snapshots use an insecure local directory

Date:January 13, 2014
CVE:CVE-2013-7048

Affects

  • Nova: Grizzly and later

Description

Daniel Berrange from Red Hat reported that the directories used to temporarily store live snapshots on Nova compute nodes were writable to all local users. A local attacker with shell access on compute nodes could therefore read and modify the contents of live snapshots before those are uploaded to the image service.

Credits

  • Daniel Berrange from Red Hat (CVE-2013-7048)
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.