{"id": "RHSA-2017:0282", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2017:0282) Moderate: openstack-cinder, openstack-glance, and openstack-nova security update", "description": "The Oslo concurrency library has utilities for safely running multi-thread, multi-process applications using locking mechanisms, and for running external processes.\n\nOpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.\n\nOpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.\n\nOpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.\n\nSecurity Fix(es):\n\n* A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. \noslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw. (CVE-2015-5162)\n\nThis issue was discovered by Richard W.M. Jones (Red Hat).\n\nBug Fix(es):\n\n* qemu-img calls were unrestricted by ulimit. oslo.concurrency has been updated to add support for process limits ('prlimit'), which is needed to fix the CVE-2015-5162 security vulnerability. (BZ#1383415)", "published": "2017-02-16T03:42:18", "modified": "2018-03-19T16:27:17", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://access.redhat.com/errata/RHSA-2017:0282", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5162"], "lastseen": "2019-08-13T18:46:18", "viewCount": 18, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2019-08-13T18:46:18", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5162"]}, {"type": "redhat", "idList": ["RHSA-2016:2923", "RHSA-2017:0156", "RHSA-2017:0153", "RHSA-2017:0165", "RHSA-2016:2991"]}, {"type": "ubuntu", "idList": ["USN-3449-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843332"]}, {"type": "nessus", "idList": ["UBUNTU_USN-3449-1.NASL"]}], "modified": "2019-08-13T18:46:18", "rev": 2}, "vulnersScore": 5.8}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openstack-nova", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-2015.1.4-32.el7ost.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-cells", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-cells-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-glance", "packageVersion": "2015.1.2-3.el7ost", "packageFilename": "openstack-glance-2015.1.2-3.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-conductor", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-conductor-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-console", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-console-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-cert", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-cert-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-serialproxy", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-serialproxy-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-cinder", "packageVersion": "2015.1.3-12.el7ost", "packageFilename": "openstack-cinder-2015.1.3-12.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-network", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-network-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-api", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-api-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python-oslo-concurrency", "packageVersion": "1.8.2-2.el7ost", "packageFilename": "python-oslo-concurrency-1.8.2-2.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-novncproxy", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-novncproxy-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-doc", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-doc-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openstack-glance", "packageVersion": "2015.1.2-3.el7ost", "packageFilename": "openstack-glance-2015.1.2-3.el7ost.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-cinder-doc", "packageVersion": "2015.1.3-12.el7ost", "packageFilename": "openstack-cinder-doc-2015.1.3-12.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python-glance", "packageVersion": "2015.1.2-3.el7ost", "packageFilename": "python-glance-2015.1.2-3.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python-cinder", "packageVersion": "2015.1.3-12.el7ost", "packageFilename": "python-cinder-2015.1.3-12.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python-nova", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "python-nova-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-spicehtml5proxy", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-spicehtml5proxy-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python-oslo-concurrency-doc", "packageVersion": "1.8.2-2.el7ost", "packageFilename": "python-oslo-concurrency-doc-1.8.2-2.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-objectstore", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-objectstore-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-scheduler", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-scheduler-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openstack-cinder", "packageVersion": "2015.1.3-12.el7ost", "packageFilename": "openstack-cinder-2015.1.3-12.el7ost.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-compute", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-compute-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-nova-common", "packageVersion": "2015.1.4-32.el7ost", "packageFilename": "openstack-nova-common-2015.1.4-32.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "python-oslo-concurrency", "packageVersion": "1.8.2-2.el7ost", "packageFilename": "python-oslo-concurrency-1.8.2-2.el7ost.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-glance-doc", "packageVersion": "2015.1.2-3.el7ost", "packageFilename": "openstack-glance-doc-2015.1.2-3.el7ost.noarch.rpm", "operator": "lt"}]}

{"cve": [{"lastseen": "2020-12-09T20:03:05", "description": "The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-10-07T14:59:00", "title": "CVE-2015-5162", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5162"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/a:openstack:glance:12.0.0", "cpe:/a:openstack:nova:12.0.3", "cpe:/a:openstack:glance:11.0.0", "cpe:/a:openstack:cinder:8.1.0", "cpe:/a:openstack:nova:13.0.0", "cpe:/a:openstack:cinder:7.0.2", "cpe:/a:openstack:glance:11.0.1", "cpe:/a:openstack:cinder:8.0.0"], "id": "CVE-2015-5162", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5162", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:openstack:nova:12.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:glance:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:glance:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:nova:13.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:cinder:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:cinder:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:cinder:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:glance:11.0.1:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2019-08-13T18:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5162"], "description": "OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage's API.\n\nOpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.\n\nSecurity Fix(es):\n\n* A resource vulnerability in the Block Storage (cinder) and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)", "modified": "2018-03-19T16:27:43", "published": "2016-12-08T03:11:46", "id": "RHSA-2016:2923", "href": "https://access.redhat.com/errata/RHSA-2016:2923", "type": "redhat", "title": "(RHSA-2016:2923) Moderate: openstack-cinder and openstack-glance security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:55", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5162"], "description": "OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.\n\nOpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage's API.\n\nOpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.\n\nThe following packages have been upgraded to a newer upstream version: openstack-nova (12.0.5), openstack-cinder (7.0.3), openstack-glance (11.0.1). (BZ#1381466, BZ#1396263)\n\nSecurity Fix(es):\n\n* A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)\n\nThis issue was discovered by Richard W.M. Jones (Red Hat).\n\nBug Fix(es):\n\n* There is a known issue with Unicode string handling in the OSProfiler library. Consequently, the creation of a Block Storage (cinder) snapshot will fail if it uses non-ASCII characters. With this update, the OSProfiler library is not loaded unless it is specifically enabled in the cinder configuration. As a result, the Unicode handling issue in OSProfiler is still present, and will result in the same failure if OSProfiler is used, however it will be unlikely to occur in most cinder configurations. A more in-depth resolution for this issue is not currently in scope. (BZ#1383899)", "modified": "2018-03-19T16:27:27", "published": "2016-12-21T21:21:39", "id": "RHSA-2016:2991", "href": "https://access.redhat.com/errata/RHSA-2016:2991", "type": "redhat", "title": "(RHSA-2016:2991) Moderate: openstack-cinder, openstack-glance, and openstack-nova update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:10", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5162"], "description": "OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.\n\nSecurity Fix(es):\n\n* A resource vulnerability in the Block Storage (cinder) service was found in its use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)", "modified": "2018-03-19T16:27:05", "published": "2017-01-19T18:13:44", "id": "RHSA-2017:0156", "href": "https://access.redhat.com/errata/RHSA-2017:0156", "type": "redhat", "title": "(RHSA-2017:0156) Moderate: openstack-cinder security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:45:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5162"], "description": "OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.\n\nSecurity Fix(es):\n\n* A resource vulnerability in the Block Storage (cinder) service was found in its use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)", "modified": "2018-06-07T02:47:58", "published": "2017-01-19T18:11:00", "id": "RHSA-2017:0165", "href": "https://access.redhat.com/errata/RHSA-2017:0165", "type": "redhat", "title": "(RHSA-2017:0165) Moderate: openstack-cinder security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5162"], "description": "OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.\n\nSecurity Fix(es):\n\n* A resource vulnerability in the Block Storage (cinder) service was found in its use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)", "modified": "2018-03-19T16:26:41", "published": "2017-01-19T18:11:14", "id": "RHSA-2017:0153", "href": "https://access.redhat.com/errata/RHSA-2017:0153", "type": "redhat", "title": "(RHSA-2017:0153) Moderate: openstack-cinder security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5162", "CVE-2015-8749", "CVE-2015-3241", "CVE-2016-2140", "CVE-2015-3280", "CVE-2015-7548", "CVE-2015-7713"], "description": "George Shuklin discovered that OpenStack Nova incorrectly handled the \nmigration process. A remote authenticated user could use this issue to \nconsume resources, resulting in a denial of service. (CVE-2015-3241)\n\nGeorge Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly \nhandled deleting instances. A remote authenticated user could use this \nissue to consume disk resources, resulting in a denial of service. \n(CVE-2015-3280)\n\nIt was discovered that OpenStack Nova incorrectly limited qemu-img calls. A \nremote authenticated user could use this issue to consume resources, \nresulting in a denial of service. (CVE-2015-5162)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled snapshots. \nA remote authenticated user could use this issue to read arbitrary files. \n(CVE-2015-7548)\n\nSreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied \nsecurity group changes. A remote attacker could possibly use this issue to \nbypass intended restriction changes by leveraging an instance that was \nrunning when the change was made. (CVE-2015-7713)\n\nMatt Riedemann discovered that OpenStack Nova incorrectly handled logging. \nA local attacker could possibly use this issue to obtain sensitive \ninformation from log files. (CVE-2015-8749)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled certain \nqcow2 headers. A remote authenticated user could possibly use this issue to \nread arbitrary files. (CVE-2016-2140)", "edition": 5, "modified": "2017-10-11T00:00:00", "published": "2017-10-11T00:00:00", "id": "USN-3449-1", "href": "https://ubuntu.com/security/notices/USN-3449-1", "title": "OpenStack Nova vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5162", "CVE-2015-8749", "CVE-2015-3241", "CVE-2016-2140", "CVE-2015-3280", "CVE-2015-7548", "CVE-2015-7713"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-10-12T00:00:00", "id": "OPENVAS:1361412562310843332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843332", "type": "openvas", "title": "Ubuntu Update for nova USN-3449-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3449_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for nova USN-3449-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843332\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:26:14 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2015-3241\", \"CVE-2015-3280\", \"CVE-2015-5162\", \"CVE-2015-7548\",\n \"CVE-2015-7713\", \"CVE-2015-8749\", \"CVE-2016-2140\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for nova USN-3449-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nova'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"George Shuklin discovered that OpenStack\n Nova incorrectly handled the migration process. A remote authenticated user\n could use this issue to consume resources, resulting in a denial of service.\n (CVE-2015-3241) George Shuklin and Tushar Patil discovered that OpenStack Nova\n incorrectly handled deleting instances. A remote authenticated user could use\n this issue to consume disk resources, resulting in a denial of service.\n (CVE-2015-3280) It was discovered that OpenStack Nova incorrectly limited\n qemu-img calls. A remote authenticated user could use this issue to consume\n resources, resulting in a denial of service. (CVE-2015-5162) Matthew Booth\n discovered that OpenStack Nova incorrectly handled snapshots. A remote\n authenticated user could use this issue to read arbitrary files. (CVE-2015-7548)\n Sreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied\n security group changes. A remote attacker could possibly use this issue to\n bypass intended restriction changes by leveraging an instance that was running\n when the change was made. (CVE-2015-7713) Matt Riedemann discovered that\n OpenStack Nova incorrectly handled logging. A local attacker could possibly use\n this issue to obtain sensitive information from log files. (CVE-2015-8749)\n Matthew Booth discovered that OpenStack Nova incorrectly handled certain qcow2\n headers. A remote authenticated user could possibly use this issue to read\n arbitrary files. (CVE-2016-2140)\");\n script_tag(name:\"affected\", value:\"nova on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3449-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3449-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-nova\", ver:\"1:2014.1.5-0ubuntu1.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-01T06:46:03", "description": "George Shuklin discovered that OpenStack Nova incorrectly handled the\nmigration process. A remote authenticated user could use this issue to\nconsume resources, resulting in a denial of service. (CVE-2015-3241)\n\nGeorge Shuklin and Tushar Patil discovered that OpenStack Nova\nincorrectly handled deleting instances. A remote authenticated user\ncould use this issue to consume disk resources, resulting in a denial\nof service. (CVE-2015-3280)\n\nIt was discovered that OpenStack Nova incorrectly limited qemu-img\ncalls. A remote authenticated user could use this issue to consume\nresources, resulting in a denial of service. (CVE-2015-5162)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled\nsnapshots. A remote authenticated user could use this issue to read\narbitrary files. (CVE-2015-7548)\n\nSreekumar S. and Suntao discovered that OpenStack Nova incorrectly\napplied security group changes. A remote attacker could possibly use\nthis issue to bypass intended restriction changes by leveraging an\ninstance that was running when the change was made. (CVE-2015-7713)\n\nMatt Riedemann discovered that OpenStack Nova incorrectly handled\nlogging. A local attacker could possibly use this issue to obtain\nsensitive information from log files. (CVE-2015-8749)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled\ncertain qcow2 headers. A remote authenticated user could possibly use\nthis issue to read arbitrary files. (CVE-2016-2140).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-12T00:00:00", "title": "Ubuntu 14.04 LTS : nova vulnerabilities (USN-3449-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5162", "CVE-2015-8749", "CVE-2015-3241", "CVE-2016-2140", "CVE-2015-3280", "CVE-2015-7548", "CVE-2015-7713"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-nova", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3449-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103812", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3449-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103812);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2015-3241\", \"CVE-2015-3280\", \"CVE-2015-5162\", \"CVE-2015-7548\", \"CVE-2015-7713\", \"CVE-2015-8749\", \"CVE-2016-2140\");\n script_xref(name:\"USN\", value:\"3449-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : nova vulnerabilities (USN-3449-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"George Shuklin discovered that OpenStack Nova incorrectly handled the\nmigration process. A remote authenticated user could use this issue to\nconsume resources, resulting in a denial of service. (CVE-2015-3241)\n\nGeorge Shuklin and Tushar Patil discovered that OpenStack Nova\nincorrectly handled deleting instances. A remote authenticated user\ncould use this issue to consume disk resources, resulting in a denial\nof service. (CVE-2015-3280)\n\nIt was discovered that OpenStack Nova incorrectly limited qemu-img\ncalls. A remote authenticated user could use this issue to consume\nresources, resulting in a denial of service. (CVE-2015-5162)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled\nsnapshots. A remote authenticated user could use this issue to read\narbitrary files. (CVE-2015-7548)\n\nSreekumar S. and Suntao discovered that OpenStack Nova incorrectly\napplied security group changes. A remote attacker could possibly use\nthis issue to bypass intended restriction changes by leveraging an\ninstance that was running when the change was made. (CVE-2015-7713)\n\nMatt Riedemann discovered that OpenStack Nova incorrectly handled\nlogging. A local attacker could possibly use this issue to obtain\nsensitive information from log files. (CVE-2015-8749)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled\ncertain qcow2 headers. A remote authenticated user could possibly use\nthis issue to read arbitrary files. (CVE-2016-2140).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3449-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-nova package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-nova\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-nova\", pkgver:\"1:2014.1.5-0ubuntu1.7\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-nova\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}