OSSA-2014-009: Nova host data leak to vm instance in rescue mode

OSSA-2014-009: Nova host data leak to vm instance in rescue mode

Date:March 27, 2014
CVE:CVE-2014-0134

Affects

  • Nova: 2013.2 versions up to 2013.2.2

Description

Stanislaw Pitucha from Hewlett Packard reported a vulnerability in the Nova instance rescue mode. By overwriting the disk inside an instance with a malicious image and switching the instance to rescue mode, an authenticated user would be able to leak an arbitrary file from the compute host to the virtual instance. Note that the host file must be readable by the libvirt/kvm context to be exposed. Only setups using libvirt to spawn instance, and having “use_cow_images = False” in Nova configuration are affected.

Credits

  • Stanislaw Pitucha from HP (CVE-2014-0134)
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.