nova: privilege escalation

Package(s): nova
CVE #(s): CVE-2013-1068 CVE-2014-0167
Created: June 18, 2014
Updated: July 14, 2014
Description: From the CVE entry:

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/ when using non-default policies, which allows remote authenticated users to gain privileges via these API requests. (CVE-2014-0167)

From the Ubuntu advisory:

Darragh O'Reilly discovered that OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-1068)

Red Hat RHSA-2014:1084-01 openstack-nova 2014-08-21
Fedora FEDORA-2014-7954 openstack-nova 2014-07-12
Ubuntu USN-2248-1 cinder 2014-06-18
Ubuntu USN-2247-1 nova 2014-06-17


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.