Debian Nova vulnerabilities

CVE-2013-4497 [MEDIUM] CVE-2013-4497: nova - The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana befor... The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. Scope: local bookworm: resolved (fixed in 2013.2-1) bullseye: resolved (fixed in 2013.2-1) forky: resolved (fixed in 2013.

CVE-2013-1838 [MEDIUM] CVE-2013-1838: nova - OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not p... OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. Scope: local bookworm: resolved (fixed in 2012.1.1-15) bullseye: res

CVE-2013-2256 [MEDIUM] CVE-2013-2256: nova - OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not pro... OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id. Scope: local bookworm: resolved (fixed in 2013.1

CVE-2013-6419 [MEDIUM] CVE-2013-6419: neutron - Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and iceho... Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (age

CVE-2013-4278 [MEDIUM] CVE-2013-4278: nova - The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Ha... The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256. Scope: local bookworm: resolved (fixed in 2013.1.3-1) bullseye

CVE-2013-4469 [LOW] CVE-2013-4469: nova - OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set... OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an inc

CVE-2013-4185 [MEDIUM] CVE-2013-4185: nova - Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3... Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update reques

CVE-2013-2030 [LOW] CVE-2013-2030: nova - keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana ... keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. Scope: local bookworm: resolved bullseye: resolved forky: resolv

CVE-2013-4261 [LOW] CVE-2013-4261: nova - OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid fo... OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. Scope:

CVE-2013-7130 [HIGH] CVE-2013-7130: nova - The i_create_images_and_backing (aka create_images_and_backing) method in libvir... The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. Scope: local bookworm: resolved (fixed in 20

CVE-2013-7048 [LOW] CVE-2013-7048: nova - OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses wor... OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. Scope: local bookworm: resolved (fixed in 2013.2.2) bullseye: resolved (fixed in 2013.2.2) forky: resolved (fixed in 2013.2.2) sid: r

CVE-2013-0326 [MEDIUM] CVE-2013-0326: nova - OpenStack nova base images permissions are world readable OpenStack nova base images permissions are world readable Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2013-2096 [LOW] CVE-2013-2096: nova - OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual... OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data. Scope: local bookworm: resolved (fixed in 2013.1.2-2) bullseye: resolved (fixed in 2013

CVE-2013-4463 [LOW] CVE-2013-4463: nova - OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify th... OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. Scope: local bookworm: resolved (fixed in 2013.2-3) bullseye: resolved (fixed

CVE-2012-1585 [MEDIUM] CVE-2012-1585: nova - OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users t... OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name. Scope: local bookworm: resolved (fixed in 2012-1~rc3-1) bullseye: resolved (fixed in 2012-1~rc3-1) forky: resolved (fixed in 2012-1~rc3-1) sid: resolved (fixed in 2012-1~rc3-1) trixie: resolved (fix

CVE-2012-2654 [MEDIUM] CVE-2012-2654: nova - The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (... The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions. Scope: local bookworm: resolved (fixed in 2012.1-6) bullsey

CVE-2012-3447 [MEDIUM] CVE-2012-3447: nova - virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom... virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361. Scope: local bookworm: resolved (fixe

CVE-2012-3361 [MEDIUM] CVE-2012-3361: nova - virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), an... virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. Scope: local bookworm: resolved (fixed in 2012.1.1-2) bullseye: resolved (fixed in 2012.1.1-2) forky: resolved (fixed in 2012.1.1-2) sid: resolved (fixed in 2012.1.1-

CVE-2012-0030 [MEDIUM] CVE-2012-0030: nova - Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated... Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. Scope: local bookworm: resolved (fixed in 2012.1~rc1-1) bullseye: resolved (fixed in 2012.1~rc1-1) forky: resolved (fixed in 2012.1~rc1-1) sid: resolved (fixed in 2

CVE-2012-3360 [MEDIUM] CVE-2012-3360: nova - Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova... Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element. Scope: local bookworm: resolved (fixed in 2012.1.1-2) bullseye: resolved (