CVE-2013-7048

Publication date 23 January 2014

Last updated 24 July 2024

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
nova	13.10 saucy	Not affected
	13.04 raring	Ignored
	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Notes

mdeslaur

OSSA 2014-001

jdstrand

affected code introduced in grizzly (Ubuntu 13.04) requires shell access on the compute node

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
nova	Upstream: ?id=8a3 Upstream: ?id=75b Upstream: ?id=9bd

References

MITRE
NVD
Launchpad
Debian

Other references

http://lists.openstack.org/pipermail/openstack-announce/2014-January/000184.html
https://www.cve.org/CVERecord?id=CVE-2013-7048