From ${URL} : Title: Nova live snapshots use an insecure local directory Reporter: Daniel Berrange (Red Hat) Products: Nova Affects: Grizzly and later Description: Daniel Berrange from Red Hat reported that the directories used to temporarily store live snapshots on Nova compute nodes were writeable to all local users. A local attacker with shell access on compute nodes could therefore read and modify the contents of live snapshots before those are uploaded to the image service. """ References: https://bugs.launchpad.net/nova/+bug/1227027 @maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
patches applied. old badness removed new hotness added ( nova-2013.1.4-r5 and nova-2013.2.1-r3 ) removing myself from cc as I'm unneeded here (along with openstack herd) :D
CVE-2013-7048 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7048): OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.
Later versions in tree and all vulnerable have been removed.