Image Resizing and Live Migration Security Flaw in OpenStack Nova by OpenStack
CVE-2013-4497

Currently unrated

Key Information:

Vendor: Openstack
Status: Havana
Vendor: CVE Published:; 5 November 2013

Summary

The OpenStack Compute (Nova) component suffers from a security limitation where the XenAPI backend fails to enforce security group policies adequately. This failure occurs in two critical scenarios: when resizing images and during live migration processes. Malicious actors could exploit this oversight to bypass established security measures, potentially gaining unauthorized access to resources. The affected versions of Nova include Folsom, Grizzly, and Havana, prior to the 2013.2 release.

References

http://www.openwall.com/lists/oss-security/2013/11/03/2

mailing-listx_refsource_MLIST

https://bugs.launchpad.net/nova/+bug/1202266

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2013/11/03/3

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Nov 5, 2013
Vulnerability Reserved
Jun 12, 2013