Описание
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
A flaw was discovered in the OpenStack Compute (nova) snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw only affects LVM or Ceph setups, or setups using filesystem storage with "use_cow_images = False".
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 8 (Liberty) | openstack-nova | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | openstack-nova | Fixed | RHSA-2016:0017 | 10.01.2016 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | openstack-nova | Fixed | RHSA-2016:0018 | 11.01.2016 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | openstack-nova | Fixed | RHSA-2016:0018 | 11.01.2016 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | openstack-nova | Fixed | RHSA-2016:0018 | 11.01.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.3 Medium
CVSS2
Связанные уязвимости
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0 ...
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
EPSS
6.3 Medium
CVSS2