[USN-1734-1] OpenStack Nova vulnerability

========================================================================== Ubuntu Security Notice USN-1734-1 February 21, 2013 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

Ubuntu 11.10 / 12.04 LTS / 12.10 : nova vulnerability (USN-1734-1)

Joshua Harlow discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion. CVE-2013-1664. Note that Tenable Network Security has extracted the preceding description block...

Ubuntu 11.10 / 12.04 LTS / 12.10 : nova vulnerability (USN-1709-1)

Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...

Ubuntu 12.10 : nova vulnerability (USN-1663-1)

Eric Windisch discovered that Nova did not properly clear LVM-backed images before they were reallocated which could potentially lead to an information leak. This issue only affected setups using libvirt LVM-backed instances. Note that Tenable Network Security has extracted the preceding...

Ubuntu 12.04 LTS : nova vulnerability (USN-1501-1)

Dan Prince discovered that the Nova scheduler, when using DifferentHostFilter or SameHostFilter, would make repeated database instance lookup calls based on passed scheduler hints. An authenticated attacker could use this to cause a denial of service. Note that Tenable Network Security has...

Ubuntu 11.10 / 12.04 LTS : nova vulnerability (USN-1438-1)

Dan Prince discovered that Nova did not enforce quotas for security groups and rules added to security groups. An authenticated user could exploit this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...

Ubuntu 11.10 : nova vulnerability (USN-1413-1)

Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file. Note that Tenable Network Security has extracted the...

Ubuntu 11.10 : nova vulnerability (USN-1305-1)

David Black discovered that Nova did not properly perform input validation during image registration. An attacker could exploit this by registering a crafted image using the EC2 API or S3/RegisterImage method and overwrite files as the nova user. Note that Tenable Network Security has extracted t...

Ubuntu 11.10 : nova vulnerability (USN-1247-1)

An information leak was discovered in Nova. An attacker with access to a valid EC2ACCESSKEY could obtain the corresponding EC2SECRETKEY for that user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted...