OSSA-2014-001: Nova live snapshots use an insecure local directory

OSSA-2014-001: Nova live snapshots use an insecure local directory¶

Date:: January 13, 2014
CVE:: CVE-2013-7048

Affects¶

Nova: Grizzly and later

Description¶

Daniel Berrange from Red Hat reported that the directories used to temporarily store live snapshots on Nova compute nodes were writable to all local users. A local attacker with shell access on compute nodes could therefore read and modify the contents of live snapshots before those are uploaded to the image service.

Patches¶

https://review.openstack.org/#/c/60550 (Grizzly)
https://review.openstack.org/#/c/60548 (Havana)
https://review.openstack.org/#/c/58852 (Icehouse)

Credits¶

Daniel Berrange from Red Hat (CVE-2013-7048)

References¶

this page last updated: 2024-03-18 15:52:07

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.