CVE-2013-7130: Infoleak
First published: Thu Feb 06 2014(Updated: )
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Compute | =2012.2 | |
| OpenStack Compute | =2013.1 | |
| OpenStack Compute | =2013.1.1 | |
| OpenStack Compute | =2013.1.2 | |
| OpenStack Compute | =2013.1.3 | |
| Openstack Grizzly | ||
| Openstack Havana | ||
| Openstack Icehouse | ||
| pip/nova | <12.0.0a0 | 12.0.0a0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html
- http://osvdb.org/102416
- http://rhn.redhat.com/errata/RHSA-2014-0231.html
- http://secunia.com/advisories/56450
- http://www.openwall.com/lists/oss-security/2014/01/23/5
- http://www.securityfocus.com/bid/65106
- http://www.ubuntu.com/usn/USN-2247-1
- https://bugs.launchpad.net/nova/+bug/1251590
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90652
- https://review.openstack.org/#/c/68658/
- https://review.openstack.org/#/c/68659/
- https://review.openstack.org/#/c/68660/
- https://nvd.nist.gov/vuln/detail/CVE-2013-7130
- https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9
- https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1
- https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3
- https://review.openstack.org/#/c/68658
- https://review.openstack.org/#/c/68659
- https://review.openstack.org/#/c/68660
- https://github.com/advisories/GHSA-99rx-9x8v-9j8p (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/event
- collector/github-advisory
- source/GitHub
- alias/GHSA-99rx-9x8v-9j8p
- alias/CVE-2013-7130
- agent/tags
- collector/github-advisory-latest
- vendor/openstack
- canonical/openstack compute
- version/openstack compute/2012.2
- version/openstack compute/2013.1
- version/openstack compute/2013.1.1
- version/openstack compute/2013.1.2
- version/openstack compute/2013.1.3
- canonical/openstack grizzly
- canonical/openstack havana
- canonical/openstack icehouse
- package-manager/pip