ID CVE-2015-7713 Type cve Reporter NVD Modified 2018-11-16T10:17:32
Description
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
{"redhat": [{"lastseen": "2018-12-11T17:41:22", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "2014.2.3-42.el7ost", "arch": "noarch", "packageName": "openstack-nova", "packageFilename": "openstack-nova-2014.2.3-42.el7ost.noarch.rpm", "operator": "lt"}], "description": "OpenStack Compute (nova) launches and schedules large networks of \nvirtual machines, creating a redundant and scalable cloud computing \nplatform. Compute provides the software, control panels, and APIs \nrequired to orchestrate a cloud, including running virtual machine \ninstances and controlling access through users and projects.\n\nA vulnerability was discovered in the way OpenStack Compute (nova)\nnetworking handled security group updates; changes were not applied to\nalready running VM instances. A remote attacker could use this flaw to\naccess running VM instances. (CVE-2015-7713)\n\nAdditional bug fixes include:\n\n* Suspending an instance with a pre-created port that uses\n binding:vnic_type='direct' previously failed; this has been fixed\n with an update to the API.(BZ#1196054)\n\n* When using multipath-backed volumes using Object Storage (cinder), \n attach attempts failed without error. The handling of device \n identifiers has been updated and volumes can now be attached. \n (BZ#1206699)\n\n* Previously, OpenStack Compute did not conform to PEP8 conventions;\n this has been fixed. (BZ#1278411)\n\n* With a faulty lun in a multipath device, Compute tried to use the \n wrong device. Compute now uses the correct device, and instances\n can boot normally. (BZ#1280359)\n\n* When using a FCoE adapter instead of a FC adapter, volumes \n previously failed to attach to the VM. This issue has been fixed. \n (BZ#1284033) \n\nAll openstack-nova users are advised to upgrade to these updated \npackages, which correct these issues and add these enhancements.", "reporter": "RedHat", "published": "2016-01-08T01:40:48", "type": "redhat", "title": "(RHSA-2016:0013) Moderate: openstack-nova security and bug fix advisory", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-7713"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-19T16:26:57", "id": "RHSA-2016:0013", "href": "https://access.redhat.com/errata/RHSA-2016:0013", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T17:44:57", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "2015.1.2-7.el7ost", "arch": "noarch", "packageName": "openstack-nova", "packageFilename": "openstack-nova-2015.1.2-7.el7ost.noarch.rpm", "operator": "lt"}], "description": "OpenStack Compute (nova) launches and schedules large networks of virtual\nmachines, creating a redundant and scalable cloud computing platform.\nCompute provides the software, control panels, and APIs required to\norchestrate a cloud, including running virtual machine instances and\ncontrolling access through users and projects.\n\nA vulnerability was discovered in the way OpenStack Compute (nova)\nnetworking handled security group updates; changes were not applied to\nalready running VM instances. A remote attacker could use this flaw to\naccess running VM instances. (CVE-2015-7713)\n\nAdditional updates include:\n\n* The openstack-nova packages have been upgraded to upstream version \n2015.1.2. See https://launchpad.net/nova/kilo/2015.1.2 for a complete list\nof bug fixes and enhancements. (BZ#1274875)\n\n* When using huge pages, the back-end memory for a guest was configured as\nprivate. This disallowed an external process connected to a vhostuser VIF\ntype to access the QEMU guest's memory, which is required by the QEMU\nnetwork driver functionality. The memory mappings are now marked as\nshared, and the external process to provide QEMU network is able to access\nthe guest's memory. (BZ#1215790)\n\n* The termination of a WSGI application or an RPC server immediately\nstopped the service and interrupted requests that were in progress. This\nupdate adds a graceful handler for the SIGTERM signal sent to the parent\nWSGI process, so the termination is performed gracefully, which allows\nongoing processes to continue. (BZ#1250269)\n\n* Previously, novaclient records requested time even when timing was set \nto False. As a consequence, system memory kept increasing. With this\nupdate, when timing is set to True, the time of each request is recorded \nand the timings are reset to clear the memory, which no longer\nincreases. (BZ#1260868)\n\n* An earlier update changed the return value when no host devices were\nfound when connecting to an iSCSI or iSER volume. Consequently, when no\nhost devices were found, an exception was thrown and the connect volume\nattempt failed. This update adds an additional check to ensure\nos.path.exists(None) is never called. As a result, an exception is no\nlonger thrown and the connect logic correctly retries finding present\nhost devices. (BZ#1268051)\n\n* Compute's rootwrap filters restricted an `ln` command used by the volume\nencryption providers to a specific iSCSI related target path. Consequently,\niSER, NFS, and FC volumes encountered failures because the `ln` command was\nrejected by Compute's rootwrap filters. This update makes Nova's rootwrap\nfilters more generic when calling `ln` allowing the volume encryption\nproviders to succeed. (BZ#1273466)\n\n* FCoE devices have different sysfs paths to standard FC devices.\nConsequently, Nova failed when attempting to attach an FCoE based volume\nto an instance as it assumed these paths were the same. This update ensures\nthat the required PCI information is parsed from both FC and FCoE sysfs\ndevice paths. As a result, Nova now succeeds in attaching FCoE based\nvolumes to instances. (BZ#1274054)\n\n* Nova failed to parse the output from the `multipath -l ${device}` command\nwhen errors were present. Consequently, the attaching and detaching of\nvolumes could fail. This update corrects the find_multipath_device method\nto ensure that any errors present in the output from the aforementioned\ncommand are ignored. As a result, both the attaching and detaching of\nvolumes will now succeed even if errors occur. (BZ#1275937)\n\n* Volumes were not correctly detached if an error was encountered during\nthe attach process, and could be left attached to an instance, resulting\nin data loss. This update ensures that the volume is both detached\nand the connection to the volume closed in the event of a failure during\nthe attach process. (BZ#1276011)\n\n* The ability of the libvirt driver to set the admin password has been \nadded. To use this feature, run the following command: \n nova root-password [server]\n(BZ#1261100)", "reporter": "RedHat", "published": "2015-12-21T21:34:22", "type": "redhat", "title": "(RHSA-2015:2673) Moderate: openstack-nova security and bug fix advisory", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-7713"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-19T16:30:42", "id": "RHSA-2015:2673", "href": "https://access.redhat.com/errata/RHSA-2015:2673", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T17:44:37", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "2014.1.5-9.el7ost", "arch": "noarch", "packageName": "openstack-nova", "packageFilename": "openstack-nova-2014.1.5-9.el7ost.noarch.rpm", "operator": "lt"}], "description": "OpenStack Compute (nova) launches and schedules large networks of \nvirtual machines, creating a redundant and scalable cloud computing \nplatform. Compute provides the software, control panels, and APIs \nrequired to orchestrate a cloud, including running virtual machine \ninstances and controlling access through users and projects.\n\nA vulnerability was discovered in the way OpenStack Compute (nova)\nnetworking handled security group updates; changes were not applied to\nalready running VM instances. A remote attacker could use this flaw to\naccess running VM instances. (CVE-2015-7713)\n\nAdditional bug fixes include:\n\n* In some cases, Compute did not start instances when RHEL was \ninstalled with a locale other than en_US. The update ensures that \nlogging an exception no longer causes Unicode issues. (BZ#1190837)\n\nAll openstack-nova users are advised to upgrade to these updated \npackages, which correct these issues and add these enhancements.", "reporter": "RedHat", "published": "2015-12-21T23:32:35", "type": "redhat", "title": "(RHSA-2015:2684) Moderate: openstack-nova secuity and bug fix advisory", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-7713"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-19T16:26:44", "id": "RHSA-2015:2684", "href": "https://access.redhat.com/errata/RHSA-2015:2684", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-11T19:42:03", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2014.1.5-16.el6ost", "arch": "noarch", "packageName": "openstack-nova", "packageFilename": "openstack-nova-2014.1.5-16.el6ost.noarch.rpm", "operator": "lt"}], "description": "OpenStack Compute (nova) launches and schedules large networks of virtual\nmachines, creating a redundant and scalable cloud computing platform.\nCompute provides the software, control panels, and APIs required to\norchestrate a cloud, including running virtual machine instances and\ncontrolling access through users and projects.\n\nA flaw was discovered in the OpenStack Compute (nova) snapshot feature when\nusing the libvirt driver. A compute user could overwrite an attached\ninstance disk with a malicious header specifying a backing file, and then\nrequest a snapshot, causing a file from the compute host to be leaked. This\nflaw only affects LVM or Ceph setups, or setups using filesystem storage\nwith \"use_cow_images = False\". (CVE-2015-7548)\n\nA vulnerability was discovered in the way OpenStack Compute (nova)\nnetworking handled security group updates; changes were not applied to\nalready running VM instances. A remote attacker could use this flaw to\naccess running VM instances. (CVE-2015-7713)\n\nThe CVE-2015-7548 issue was discovered by Matthew Booth of Red Hat\nOpenStack Engineering.\n\nAll openstack-nova users are advised to upgrade to these updated packages,\nwhich correct these issues.", "reporter": "RedHat", "published": "2016-01-11T04:07:38", "type": "redhat", "title": "(RHSA-2016:0017) Important: openstack-nova security advisory", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-7548", "CVE-2015-7713"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T02:47:54", "id": "RHSA-2016:0017", "href": "https://access.redhat.com/errata/RHSA-2016:0017", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:38", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3280", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7713", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7548", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-5162", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-2140", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8749", "https://people.canonical.com/~ubuntu-security/cve/CVE-2015-3241"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "1:2014.1.5-0ubuntu1.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python-nova", "operator": "lt"}], "description": "George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241)\n\nGeorge Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. (CVE-2015-3280)\n\nIt was discovered that OpenStack Nova incorrectly limited qemu-img calls. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-5162)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled snapshots. A remote authenticated user could use this issue to read arbitrary files. (CVE-2015-7548)\n\nSreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied security group changes. A remote attacker could possibly use this issue to bypass intended restriction changes by leveraging an instance that was running when the change was made. (CVE-2015-7713)\n\nMatt Riedemann discovered that OpenStack Nova incorrectly handled logging. A local attacker could possibly use this issue to obtain sensitive information from log files. (CVE-2015-8749)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled certain qcow2 headers. A remote authenticated user could possibly use this issue to read arbitrary files. (CVE-2016-2140)", "edition": 3, "reporter": "Ubuntu", "published": "2017-10-11T00:00:00", "title": "OpenStack Nova vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-5162", "CVE-2015-8749", "CVE-2015-3241", "CVE-2016-2140", "CVE-2015-3280", "CVE-2015-7548", "CVE-2015-7713"], "modified": "2017-10-11T00:00:00", "id": "USN-3449-1", "href": "https://usn.ubuntu.com/3449-1/", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-11-19T12:57:25", "references": ["http://www.ubuntu.com/usn/usn-3449-1/", "3449-1"], "pluginID": "1361412562310843332", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-10-12T00:00:00", "title": "Ubuntu Update for nova USN-3449-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5162", "CVE-2015-8749", "CVE-2015-3241", "CVE-2016-2140", "CVE-2015-3280", "CVE-2015-7548", "CVE-2015-7713"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310843332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3449_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for nova USN-3449-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843332\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:26:14 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2015-3241\", \"CVE-2015-3280\", \"CVE-2015-5162\", \"CVE-2015-7548\",\n \"CVE-2015-7713\", \"CVE-2015-8749\", \"CVE-2016-2140\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for nova USN-3449-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nova'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"George Shuklin discovered that OpenStack\n Nova incorrectly handled the migration process. A remote authenticated user\n could use this issue to consume resources, resulting in a denial of service.\n (CVE-2015-3241) George Shuklin and Tushar Patil discovered that OpenStack Nova\n incorrectly handled deleting instances. A remote authenticated user could use\n this issue to consume disk resources, resulting in a denial of service.\n (CVE-2015-3280) It was discovered that OpenStack Nova incorrectly limited\n qemu-img calls. A remote authenticated user could use this issue to consume\n resources, resulting in a denial of service. (CVE-2015-5162) Matthew Booth\n discovered that OpenStack Nova incorrectly handled snapshots. A remote\n authenticated user could use this issue to read arbitrary files. (CVE-2015-7548)\n Sreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied\n security group changes. A remote attacker could possibly use this issue to\n bypass intended restriction changes by leveraging an instance that was running\n when the change was made. (CVE-2015-7713) Matt Riedemann discovered that\n OpenStack Nova incorrectly handled logging. A local attacker could possibly use\n this issue to obtain sensitive information from log files. (CVE-2015-8749)\n Matthew Booth discovered that OpenStack Nova incorrectly handled certain qcow2\n headers. A remote authenticated user could possibly use this issue to read\n arbitrary files. (CVE-2016-2140)\");\n script_tag(name:\"affected\", value:\"nova on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3449-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3449-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-nova\", ver:\"1:2014.1.5-0ubuntu1.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-12-02T15:38:29", "references": ["https://usn.ubuntu.com/3449-1/"], "pluginID": "103812", "description": "George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241)\n\nGeorge Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. (CVE-2015-3280)\n\nIt was discovered that OpenStack Nova incorrectly limited qemu-img calls. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-5162)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled snapshots. A remote authenticated user could use this issue to read arbitrary files. (CVE-2015-7548)\n\nSreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied security group changes. A remote attacker could possibly use this issue to bypass intended restriction changes by leveraging an instance that was running when the change was made. (CVE-2015-7713)\n\nMatt Riedemann discovered that OpenStack Nova incorrectly handled logging. A local attacker could possibly use this issue to obtain sensitive information from log files. (CVE-2015-8749)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled certain qcow2 headers. A remote authenticated user could possibly use this issue to read arbitrary files. (CVE-2016-2140).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 8, "reporter": "Tenable", "published": "2017-10-12T00:00:00", "title": "Ubuntu 14.04 LTS : nova vulnerabilities (USN-3449-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5162", "CVE-2015-8749", "CVE-2015-3241", "CVE-2016-2140", "CVE-2015-3280", "CVE-2015-7548", "CVE-2015-7713"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-nova", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3449-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103812", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3449-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103812);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/12/01 15:12:41\");\n\n script_cve_id(\"CVE-2015-3241\", \"CVE-2015-3280\", \"CVE-2015-5162\", \"CVE-2015-7548\", \"CVE-2015-7713\", \"CVE-2015-8749\", \"CVE-2016-2140\");\n script_xref(name:\"USN\", value:\"3449-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : nova vulnerabilities (USN-3449-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"George Shuklin discovered that OpenStack Nova incorrectly handled the\nmigration process. A remote authenticated user could use this issue to\nconsume resources, resulting in a denial of service. (CVE-2015-3241)\n\nGeorge Shuklin and Tushar Patil discovered that OpenStack Nova\nincorrectly handled deleting instances. A remote authenticated user\ncould use this issue to consume disk resources, resulting in a denial\nof service. (CVE-2015-3280)\n\nIt was discovered that OpenStack Nova incorrectly limited qemu-img\ncalls. A remote authenticated user could use this issue to consume\nresources, resulting in a denial of service. (CVE-2015-5162)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled\nsnapshots. A remote authenticated user could use this issue to read\narbitrary files. (CVE-2015-7548)\n\nSreekumar S. and Suntao discovered that OpenStack Nova incorrectly\napplied security group changes. A remote attacker could possibly use\nthis issue to bypass intended restriction changes by leveraging an\ninstance that was running when the change was made. (CVE-2015-7713)\n\nMatt Riedemann discovered that OpenStack Nova incorrectly handled\nlogging. A local attacker could possibly use this issue to obtain\nsensitive information from log files. (CVE-2015-8749)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled\ncertain qcow2 headers. A remote authenticated user could possibly use\nthis issue to read arbitrary files. (CVE-2016-2140).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3449-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-nova package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-nova\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-nova\", pkgver:\"1:2014.1.5-0ubuntu1.7\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-nova\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
