Ubuntu 14.04 LTS : nova vulnerability (USN-2325-1)
2014-08-22T00:00:00
ID UBUNTU_USN-2325-1.NASL Type nessus Reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2014-08-22T00:00:00
Description
Alex Gaynor discovered that OpenStack Nova would sometimes respond
with variable times when comparing authentication tokens. If nova were
configured to proxy metadata requests via Neutron, a remote
authenticated attacker could exploit this to conduct timing attacks
and ascertain configuration details of another instance.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2325-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration section: when the scanner loads the plugin with `description`
# set, only the metadata below is declared and the script exits before any
# host data is examined.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(77325);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  # Advisory identifiers that let this finding be correlated with other feeds.
  script_cve_id("CVE-2014-3517");
  script_xref(name:"USN", value:"2325-1");

  script_name(english:"Ubuntu 14.04 LTS : nova vulnerability (USN-2325-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch.");

  # The description is a multi-line string literal; its line breaks are part
  # of the value, so the text stays at column 0.
  script_set_attribute(
    attribute:"description",
    value:
"Alex Gaynor discovered that OpenStack Nova would sometimes respond
with variable times when comparing authentication tokens. If nova were
configured to proxy metadata requests via Neutron, a remote
authenticated attacker could exploit this to conduct timing attacks
and ascertain configuration details of another instance.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/2325-1/");
  script_set_attribute(attribute:"solution", value:"Update the affected python-nova package.");

  # NOTE(review): the base vector scores the issue as Au:N (no authentication
  # needed), while the description above speaks of a "remote authenticated
  # attacker". Keep that difference in mind when prioritising the finding.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  # E:U (exploitability unproven) and RL:OF (official fix) agree with the
  # two exploit attributes and the solution attribute set in this block.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Declared as a "local" check: the required keys further down are host
  # package data, not the result of probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-nova");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");

  # Timeline: disclosure, vendor patch, then plugin release.
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  # Depends on ssh_get_info.nasl and on these knowledge-base keys being
  # present (presumably populated by that dependency - confirm).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
# Preconditions. Each audit() call records why the host is out of scope;
# audit() comes from audit.inc and presumably ends the plugin run.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only Ubuntu 14.04 is in scope: the release string must match exactly.
release = get_kb_item("Host/Ubuntu/release");
if (isnull(release))
  audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (!preg(pattern:"^(14\.04)$", string:release))
  audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);

# Without the collected dpkg listing there is nothing to compare against.
if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: only x86_64 and i386..i686 hosts are evaluated. Any
# other CPU is audited as "not implemented", so such a host gets no finding
# here regardless of its patch level.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

# ubuntu_check() is defined in ubuntu.inc (not shown); presumably it compares
# the installed python-nova version with the given one and is truthy when the
# host is behind. Only the package version is examined: whether nova is
# actually configured to proxy metadata requests via Neutron, the setup the
# advisory names as the precondition for the timing attack, is not inspected.
# A hit therefore means "patch missing", not "exposure confirmed".
if (ubuntu_check(osver:"14.04", pkgname:"python-nova", pkgver:"1:2014.1.2-0ubuntu1.1"))
  flag++;

if (!flag)
{
  # No finding: distinguish "package tested and not affected" from
  # "package not installed" for the audit trail.
  tested = ubuntu_pkg_tests_get();
  if (tested)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-nova");
}
else
{
  # Report at warning severity on port 0, with the package details
  # returned by ubuntu_report_get() attached.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
{"id": "UBUNTU_USN-2325-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 14.04 LTS : nova vulnerability (USN-2325-1)", "description": "Alex Gaynor discovered that OpenStack Nova would sometimes respond\nwith variable times when comparing authentication tokens. If nova were\nconfigured to proxy metadata requests via Neutron, a remote\nauthenticated attacker could exploit this to conduct timing attacks\nand ascertain configuration details of another instance.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2014-08-22T00:00:00", "modified": "2014-08-22T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/77325", "reporter": "Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://usn.ubuntu.com/2325-1/"], "cvelist": ["CVE-2014-3517"], "type": "nessus", "lastseen": "2021-01-20T15:27:42", "edition": 22, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-3517"]}, {"type": "ubuntu", "idList": ["USN-2325-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841941"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13927", "SECURITYVULNS:DOC:31012"]}, {"type": "redhat", "idList": ["RHSA-2014:1084", "RHSA-2014:0940"]}, {"type": "nessus", "idList": ["SOLARIS11_NOVA_20141014.NASL"]}], "modified": "2021-01-20T15:27:42", "rev": 2}, "score": {"value": 4.8, "vector": "NONE", "modified": "2021-01-20T15:27:42", "rev": 2}, "vulnersScore": 4.8}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2325-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77325);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3517\");\n script_xref(name:\"USN\", value:\"2325-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : nova vulnerability (USN-2325-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alex Gaynor discovered that OpenStack Nova would sometimes respond\nwith variable times when comparing authentication tokens. 
If nova were\nconfigured to proxy metadata requests via Neutron, a remote\nauthenticated attacker could exploit this to conduct timing attacks\nand ascertain configuration details of another instance.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2325-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-nova package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-nova\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-nova\", pkgver:\"1:2014.1.2-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-nova\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "77325", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-nova", "cpe:/o:canonical:ubuntu_linux:14.04"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:58:23", "description": "api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.", "edition": 6, "cvss3": {}, "published": "2014-08-07T11:13:00", "title": "CVE-2014-3517", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3517"], "modified": "2018-11-15T20:03:00", "cpe": ["cpe:/a:openstack:nova:2014.2.0", "cpe:/a:openstack:nova:2013.2.4"], "id": "CVE-2014-3517", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3517", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:2013.2.4:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:44:14", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3517"], "description": "Alex Gaynor discovered that OpenStack Nova would sometimes respond with \nvariable times when comparing authentication tokens. 
If nova were \nconfigured to proxy metadata requests via Neutron, a remote authenticated \nattacker could exploit this to conduct timing attacks and ascertain \nconfiguration details of another instance.", "edition": 5, "modified": "2014-08-21T00:00:00", "published": "2014-08-21T00:00:00", "id": "USN-2325-1", "href": "https://ubuntu.com/security/notices/USN-2325-1", "title": "OpenStack Nova vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:37:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3517"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-08-22T00:00:00", "id": "OPENVAS:1361412562310841941", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841941", "type": "openvas", "title": "Ubuntu Update for nova USN-2325-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2325_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for nova USN-2325-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841941\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-22 05:57:25 +0200 (Fri, 22 Aug 2014)\");\n script_cve_id(\"CVE-2014-3517\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Ubuntu Update for nova USN-2325-1\");\n\n script_tag(name:\"affected\", value:\"nova on Ubuntu 14.04 LTS\");\n script_tag(name:\"insight\", value:\"Alex Gaynor discovered that OpenStack Nova would sometimes\nrespond with variable times when comparing authentication tokens. 
If nova were\nconfigured to proxy metadata requests via Neutron, a remote authenticated\nattacker could exploit this to conduct timing attacks and ascertain\nconfiguration details of another instance.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2325-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2325-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nova'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-nova\", ver:\"1:2014.1.2-0ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:47:00", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3517"], "description": "OpenStack Compute (Nova) launches and schedules large networks of virtual\nmachines, creating a redundant and scalable cloud computing platform.\n\nA side-channel timing attack flaw was found in Nova. An attacker could\npossibly use this flaw to guess valid instance ID signatures, giving them\naccess to details of another instance, by analyzing the response times of\nrequests for instance metadata. 
This issue only affected configurations\nthat proxy metadata requests via Neutron. (CVE-2014-3517)\n\nRed Hat would like to thank the OpenStack project for reporting this issue.\nUpstream acknowledges Alex Gaynor from Rackspace as the original reporter.\n\nThis update also fixes the following bugs:\n\n* The GlusterFS driver changes the file name used to point to a volume when\na snapshot is changed, but in the past the new file name was not stored in\nCompute's block device information.\n\nAs a result, if the VM was shut down and started again, the old file name\nin the snapshot chain was used, resulting in corruption of the qcow2 chain\nand unexpected results in the instance.\n\nThis has been fixed by persisting the new file name in Compute's block\ndevice info when a snapshot is created. Now, GlusterFS volumes work as\nexpected after creating or deleting a snapshot and then rebooting the\ninstance. (BZ#1085852)\n\n* Previously, in some cases, it may not have been possible to attach a\nread-only volume to an instance. (BZ#1100358)\n\n* The sysfsutils package enables the Compute service to attach Block\nStorage volumes. This package is automatically installed by PackStack.\nHowever, sysfsutils was not a dependency of the Compute service; as such,\nwhen not using PackStack, it was possible to deploy OpenStack without\nsysfsutils installed. When this occurred, the Compute service was unable to\nattach Block Storage volumes.\n\nWith this release, the sysfsutils package is now a dependency of the\nCompute service. This ensures that sysfsutils is installed, regardless of\nwhat deployment method is used. (BZ#1114637)\n\n* An issue with Fibre Channel Cinder volumes not being removed after the\nimage has been destroyed has been fixed. 
(BZ#1115375)\n\n* This update fixes legacy group support, allowing you to provide a group\nby name in the scheduler hint instead of using the new server groups API.\n(BZ#1116866)\n\n* The openstack-nova package has been updated to upstream version\n2014.1.1, which fixes a number of bugs. (BZ#1117895)\n\nAll openstack-nova users are advised to upgrade to these updated packages,\nwhich correct these issues.\n", "modified": "2018-03-19T16:26:44", "published": "2014-07-24T04:00:00", "id": "RHSA-2014:0940", "href": "https://access.redhat.com/errata/RHSA-2014:0940", "type": "redhat", "title": "(RHSA-2014:0940) Moderate: openstack-nova security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:46:09", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0167", "CVE-2014-3517"], "description": "OpenStack Compute (nova) launches and schedules large networks of virtual\nmachines, creating a redundant and scalable cloud computing platform.\nCompute provides the software, control panels, and APIs required to\norchestrate a cloud, including running virtual machine instances, managing\nnetworks, and controlling access through users and projects.\n\nIt was found that RBAC policies were not enforced in certain methods of the\nOpenStack Compute EC2 (Amazon Elastic Compute Cloud) API. A remote attacker\ncould use this flaw to escalate their privileges beyond the user group they\nwere originally restricted to. Note that only certain setups using\nnon-default RBAC rules for OpenStack Compute were affected. (CVE-2014-0167)\n\nA side-channel timing attack flaw was found in nova. An attacker could\npossibly use this flaw to guess valid instance ID signatures, giving them\naccess to details of another instance, by analyzing the response times of\nrequests for instance metadata. This issue only affected configurations\nthat proxy metadata requests via neutron. 
(CVE-2014-3517)\n\nRed Hat would like to thank the OpenStack project for reporting these\nissues. Upstream acknowledges Marc Heckmann of Ubisoft as the original\nreporter of CVE-2014-0167, and Alex Gaynor from Rackspace as the original\nreporter of CVE-2014-3517.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll openstack-nova users are advised to upgrade to these updated packages,\nwhich correct these issues and add this enhancement.\n", "modified": "2018-06-07T02:47:48", "published": "2014-08-21T04:00:00", "id": "RHSA-2014:1084", "href": "https://access.redhat.com/errata/RHSA-2014:1084", "type": "redhat", "title": "(RHSA-2014:1084) Moderate: openstack-nova security, bug fix, and enhancement update", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "cvelist": ["CVE-2014-3517"], "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2325-1\r\nAugust 21, 2014\r\n\r\nnova vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nOpenStack Nova could be made to expose sensitive information over the\r\nnetwork.\r\n\r\nSoftware Description:\r\n- nova: OpenStack Compute cloud infrastructure\r\n\r\nDetails:\r\n\r\nAlex Gaynor discovered that OpenStack Nova would sometimes respond with\r\nvariable times when comparing authentication tokens. 
If nova were\r\nconfigured to proxy metadata requests via Neutron, a remote authenticated\r\nattacker could exploit this to conduct timing attacks and ascertain\r\nconfiguration details of another instance.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.04 LTS:\r\n python-nova 1:2014.1.2-0ubuntu1.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2325-1\r\n CVE-2014-3517\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/nova/1:2014.1.2-0ubuntu1.1\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2014-08-24T00:00:00", "published": "2014-08-24T00:00:00", "id": "SECURITYVULNS:DOC:31012", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31012", "title": "[USN-2325-1] OpenStack Nova vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-3473", "CVE-2014-3475", "CVE-2014-3476", "CVE-2014-3555", "CVE-2014-4615", "CVE-2014-3517", "CVE-2013-6433", "CVE-2014-3497", "CVE-2014-3594", "CVE-2014-5356", "CVE-2014-3474", "CVE-2014-0187"], "description": "Ceilometer information leakage, Neutron information leakage and DoS, Glance DoS, Horizon crossite scripting, Keystone restrictions bypass and privilege escalation, Nova timing attacks.", "edition": 1, "modified": "2014-08-24T00:00:00", "published": "2014-08-24T00:00:00", "id": "SECURITYVULNS:VULN:13927", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13927", "title": "OpenStack multiple security vulnerabilities", "type": "securityvulns", "cvss": 
{"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-17T14:01:05", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - api/metadata/handler.py in OpenStack Compute (Nova)\n before 2013.2.4, 2014.x before 2014.1.2, and Juno before\n Juno-2, when proxying metadata requests through Neutron,\n makes it easier for remote attackers to guess instance\n ID signatures via a brute-force attack that relies on\n timing differences in responses to instance metadata\n requests. (CVE-2014-3517)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : nova (cve_2014_3517_information_disclosure)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3517"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:nova", "cpe:/o:oracle:solaris:11.2"], "id": "SOLARIS11_NOVA_20141014.NASL", "href": "https://www.tenable.com/plugins/nessus/80711", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80711);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3517\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : nova (cve_2014_3517_information_disclosure)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates 
:\n\n - api/metadata/handler.py in OpenStack Compute (Nova)\n before 2013.2.4, 2014.x before 2014.1.2, and Juno before\n Juno-2, when proxying metadata requests through Neutron,\n makes it easier for remote attackers to guess instance\n ID signatures via a brute-force attack that relies on\n timing differences in responses to instance metadata\n requests. (CVE-2014-3517)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-3517-information-disclosure-vulnerability-in-openstack-compute-nova\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d127dbb9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.3.4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:nova\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^nova$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nova\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.3.0.4.1\", sru:\"SRU 11.2.3.4.1\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : nova\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"nova\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}