CVE-2013-7048
EPSS 0.13%OpenStack Nova live snapshots use an insecure local directory
發布日:2022/5/14修改日:2026/4/28
也稱為:DEBIAN-CVE-2013-7048
描述
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.
受影響套件(2)
- Debian/novafrom 0, < 2013.2.2
- PyPI/novafrom 0, < 12.0.0a0
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-7048
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-7048
- PATCHhttps://github.com/openstack/nova
- WEBhttp://rhn.redhat.com/errata/RHSA-2014-0231.html
- WEBhttps://bugs.launchpad.net/nova/+bug/1227027
- WEBhttps://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d
- WEBhttps://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f
- WEBhttps://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa
- WEBhttp://www.openwall.com/lists/oss-security/2014/01/13/2