Ubuntu Update For Nova USN-2407-1 Network Vulnerability

Summary

Check the version of nova

Solution

Please Install the Updated Packages.

Insight

Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remove authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMWare driver. (CVE-2014-3608) Amrith Kumar discovered that OpenStack Nova did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Nova log files could obtain access to sensitive information. (CVE-2014-7230)

Affected

nova on Ubuntu 14.04 LTS

Detection

Get the installed version with the help of detect NVT and check if the version is vulnerable or not.

Severity

Classification

CVE CVE-2014-3608, CVE-2014-7230
CVSS Base Score: 2.7
AV:A/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for acpid USN-1234-1
Ubuntu Update for nova USN-1438-1
Ubuntu Update for amarok vulnerability USN-657-1
Ubuntu Update for apt USN-1283-1
Ubuntu Update for kdelibs vulnerability USN-420-1

Ubuntu Update for nova USN-2407-1

Take action and discover your vulnerabilities