490 matches found
openstack-nova: RBAC policy not properly enforced in Nova EC2 API
It was found that RBAC policies were not enforced in certain methods of the OpenStack Compute EC2 (Amazon Elastic Compute Cloud) API. A remote attacker could use this flaw to escalate their privileges beyond the user group they were originally restricted to. Note that only certain setups using...
openstack-nova: timing attack issue allows access to other instances' configuration information
A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...
Fedora Update for openstack-nova FEDORA-2014-1463
The remote host is missing an update for the... SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for openstack-nova FEDORA-2014-7954
The remote host is missing an update for the...
Fedora 20 : openstack-nova-2013.2.3-2.fc20 (2014-7954)
Add RBAC policy for ec2 API security groups calls - CVE-2014-0167 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
DEBIAN-CVE-2013-1068
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and OpenStack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
CVE-2013-1068
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and OpenStack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
[USN-2247-1] OpenStack Nova vulnerabilities
Ubuntu Security Notice USN-2247-1, June 17, 2014: nova vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
Ubuntu 14.04 LTS : OpenStack Nova vulnerabilities (USN-2247-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2247-1 advisory. Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in...
USN-2247-1 nova vulnerabilities
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS...
UBUNTU-CVE-2013-1068
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and OpenStack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
openSUSE Security Update : openstack-nova (openSUSE-SU-2013:1087-1)
This update of openstack-nova fixes a security vulnerability. - Add CVE-2013-2030.patch: fix insecure keystone middleware tmpdir by default (CVE-2013-2030, bnc819349). - Use explicit keystone-signing dir to work around lp1181157. (C) Tenable Network Security, Inc. The descriptive...
openstack-nova: Nova host data leak to vm instance in rescue mode
The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...
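OpenStack Nova RBAC Security Bypass Vulnerability
Bugtraq ID: 65753. CVE ID: CVE-2014-0167. OpenStack is a cloud computing platform jointly developed by Rackspace and NASA that helps service providers and enterprises build cloud infrastructure similar to Amazon EC2 and S3. OpenStack Nova provides the virtual compute service. The OpenStack Nova EC2 API security group implementation contains a security vulnerability: through methods such as add_rules, remove_rules and destroy, a restricted user can use the EC2 API to bypass restrictions and perform unauthorized operations on security groups. Affected versions: OpenStack Nova 2013.1 - 2013.2.3. Users can refer to the following vendor-provided security patch to fix this vulnerability:...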
PT-2014-3512 · Openstack +1 · Openstack Compute +1
Name of the Vulnerable Software and Affected Versions: OpenStack Compute (Nova) versions 2013.1 through 2013.2.3; OpenStack Compute (Nova) icehouse before icehouse-rc2. Description: The issue concerns the Nova EC2 API security group implementation, which fails to enforce Role-Based Access Control (RBAC)...
UBUNTU-CVE-2014-0167
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows...
Fedora Update for openstack-nova FEDORA-2014-4188
The remote host is missing an update for the...
Fedora 19 : openstack-nova-2013.1.5-1.fc19 (2014-4188)
Update to stable/grizzly release 2013.1.5 - Keep XenAPI security groups through migrate and resize - CVE-2013-4497 - Secure directory permissions in snapshots - CVE-2013-7048 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisor...