LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

nova: privilege escalation

Package(s):nova CVE #(s):CVE-2012-3360 CVE-2012-3361
Created:July 3, 2012 Updated:August 23, 2012
Description: From the Ubuntu advisory:

Matthias Weckbecker discovered that, when using the OpenStack API to setup libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. This issue only affects Ubuntu 12.04 LTS. (CVE-2012-3360)

Pádraig Brady discovered that an authenticated user could corrupt arbitrary files of the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges. (CVE-2012-3361)

Alerts:
Ubuntu USN-1497-1 2012-07-03
Fedora FEDORA-2012-10418 2012-07-19
Fedora FEDORA-2012-10420 2012-07-19
Ubuntu USN-1545-1 2012-08-22
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds