CVE-2013-7048

Priority
Low
Description
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier
uses world-writable and world-readable permissions for the temporary
directory used to store live snapshots, which allows local users to read
and modify live snapshots.
References
Bugs
Notes
 mdeslaur> OSSA 2014-001
 jdstrand> affected code introduced in grizzly (Ubuntu 13.04)
 jdstrand> requires shell access on the compute node
Package
Source: nova (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1:2014.1~b3-0ubuntu2)
Patches:
Upstream:https://git.openstack.org/cgit/openstack/nova/commit/?id=8a34fc3d48c467aa196f65eed444ccdc7c02f19f (master)
Upstream:https://git.openstack.org/cgit/openstack/nova/commit/?id=75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d (havana)
Upstrean:https://git.openstack.org/cgit/openstack/nova/commit/?id=9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa (grizzly)
More Information

Updated: 2018-06-26 04:54:08 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)