Lucene search
UbuntuUSN-1709-1HistoryJan 29, 2013 - 12:00 a.m.
OpenStack Nova vulnerability
2013-01-2900:00:00
ubuntu.com
24
6.4 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.7%
Releases
- Ubuntu 12.10
- Ubuntu 12.04
- Ubuntu 11.10
Packages
- nova - OpenStack Compute cloud infrastructure
Details
Phil Day discovered that nova-volume did not validate access to volumes. An
authenticated attacker could exploit this to bypass intended access
controls and boot from arbitrary volumes.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 12.10 | noarch | nova-volume | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-ajax-console-proxy | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-api | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-api-ec2 | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-api-metadata | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-api-os-compute | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-api-os-volume | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-cert | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-common | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 12.10 | noarch | nova-compute | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
References
Related
veracode
veracode
Authorization Bypass
2019-05-02 04:52:17
debiancve
debiancve
CVE-2013-0208
2013-02-13 16:55:00
cvelist
cvelist
CVE-2013-0208
2013-02-13 16:00:00
nessus
nessus
Fedora 17 : openstack-nova-2012.1.3-3.fc17 (2013-1816)
2013-02-11 00:00:00
Ubuntu 11.10 / 12.04 LTS / 12.10 : nova vulnerability (USN-1709-1)
2013-01-30 00:00:00
openSUSE Security Update : openstack (openSUSE-2013-237)
2014-06-13 00:00:00
prion
prion
Security feature bypass
2013-02-13 16:55:00
securityvulns
securityvulns
[USN-1709-1] OpenStack Nova vulnerability
2013-02-04 00:00:00
OpenStack security vulnerabilities
2013-03-24 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1709-1)
2013-01-31 00:00:00
Ubuntu Update for nova USN-1709-1
2013-01-31 00:00:00
Fedora Update for openstack-nova FEDORA-2013-1816
2013-02-11 00:00:00
cve
cve
CVE-2013-0208
2013-02-13 16:55:00
ubuntucve
ubuntucve
CVE-2013-0208
2013-01-29 00:00:00
redhat
redhat
(RHSA-2013:0208) Important: openstack-nova security and bug fix update
2013-01-30 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: openstack-nova-2012.1.3-3.fc17
2013-02-10 04:43:56
6.4 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.7%
Related for USN-1709-1