Insecure Temporary Directory Vulnerability in OpenStack Nova by OpenStack
CVE-2013-2030

Currently unrated

Key Information:

Vendor
Openstack
Status
Compute
Grizzly
Havana
Folsom
Vendor
CVE Published:
27 December 2013

Summary

The OpenStack Nova services Folsom, Grizzly, and Havana are susceptible to a vulnerability involving the use of an insecure temporary directory for storing signing certificates. This issue allows local users to potentially spoof servers by pre-creating the designated directory used by Nova for keystone middleware. This vulnerability was demonstrated with the directory path '/tmp/keystone-signing-nova' on Fedora systems. Users of OpenStack Nova should assess their deployments for this vulnerability to mitigate risks associated with unauthorized access.

References

http://www.openwall.com/lists/oss-security/2013/05/09/2
mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://lists.openstack.org/pipermail/openstack-announce/2...
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.