CVE-2014-3608

The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...

PT-2014-5416 · Openstack +1 · Openstack Compute +1

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions prior to 2014.1.3 Description: The issue allows remote authenticated users to bypass the quota limit and cause a denial of service by consuming resources. This is achieved by putting a virtual machine into the...

[USN-2325-1] OpenStack Nova vulnerability

========================================================================== Ubuntu Security Notice USN-2325-1 August 21, 2014 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated openstack-nova packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS ba...

DEBIAN-CVE-2014-3517

api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...

Design/Logic Flaw

api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...

CVE-2014-3517

OpenStack Nova metadata proxy (api/metadata/handler.py) is affected when proxying metadata requests through Neutron. The vulnerability allows timing-based brute-forcing to guess instance ID signatures. Affected ranges include OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and J...

CVE-2014-3517

api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...

CVE-2014-3517

api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...

PT-2014-5368 · Openstack +1 · Openstack Compute +2

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions prior to 2013.2.4 OpenStack Compute Nova versions 2014.x prior to 2014.1.2 OpenStack Compute Nova Juno versions prior to Juno-2 Description: The issue makes it easier for remote attackers to guess instance ID...

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

Updated openstack-nova packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common...

[SECURITY] Fedora 20 Update: openstack-nova-2013.2.3-2.fc20

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

USN-2247-1: OpenStack Nova vulnerabilities

Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS...

Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated openstack-nova packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring...

CVE-2014-0134

The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and usecowimages is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...

PYSEC-2014-112

The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and usecowimages is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...

Design/Logic Flaw

The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and usecowimages is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...

CVE-2014-0134

OpenStack Nova shows a vulnerability in 2013.2 (before 2013.2.3) and Icehouse (before 2014.1) when using libvirt to spawn images with use_cow_images=false: remote authenticated users could read certain compute host files by overwriting an instance disk with a crafted image. The affected component...

CVE-2014-0134

The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and usecowimages is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...

Design/Logic Flaw

The Nova EC2 API security group implementation in OpenStack Compute Nova 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for 1 addrules, 2 removerules, 3 destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows...