openstack-nova: Boot from volume allows access to random volumes

The boot-from-volume feature in OpenStack Compute Nova Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the blockdevicemapping parameter...

PT-2012-4720 · Openstack · Openstack Compute

Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions 2012.1.x through 2012.1.1 OpenStack Compute Nova versions Folsom through Folsom-2 Description: The issue allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image...

PYSEC-2012-38

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute Nova Folsom 2012.2 and Essex 2012.1, when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. dot dot in the path attribute of a file element...

DEBIAN-CVE-2012-2101

Openstack Compute Nova Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service CPU and hard drive consumption via a network request that triggers a large number of iptables rules...

Directory traversal

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted 1 tarball or 2 manifest...

CVE-2011-4596

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted 1 tarball or 2 manifest...

DEBIAN-CVE-2011-4596

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted 1 tarball or 2 manifest...

CVE-2011-4596

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted 1 tarball or 2 manifest...

CVE-2011-4596

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted 1 tarball or 2 manifest...

CVE-2011-4076

OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY equivalent to a username to obtain the EC2SECRETKEY equivalent to a password. Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...