PRIOn knowledge basePRION:CVE-2013-7130

HistoryFeb 06, 2014 - 5:00 p.m.

Design/Logic Flaw

2014-02-0617:00:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.008 Low

EPSS

Percentile

80.7%

JSON

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

CPENameOperatorVersion
computeeq2012.2
computeeq2013.1.1
computeeq2013.1.2
computeeq2013.1
computeeq2013.1.3

Name	Operator	Version
compute	eq	2012.2
compute	eq	2013.1.1
compute	eq	2013.1.2
compute	eq	2013.1
compute	eq	2013.1.3

References

osvdb.org/102416

rhn.redhat.com/errata/RHSA-2014-0231.html

secunia.com/advisories/56450

www.openwall.com/lists/oss-security/2014/01/23/5

www.securityfocus.com/bid/65106

www.ubuntu.com/usn/USN-2247-1

bugs.launchpad.net/nova/+bug/1251590

exchange.xforce.ibmcloud.com/vulnerabilities/90652

lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html

review.openstack.org/

6.7 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.008 Low

EPSS

Percentile

80.7%

JSON

Related for PRION:CVE-2013-7130