OVAL Reference oval:org.mitre.oval:def:28233

CVE-2014-3608)Amrith Kumar discovered that OpenStack Nova did not properly sanitize logmessage contents. Under certain circumstances, a local attacker with readaccess to Nova log files could obtain access to sensitive information.(CVE-2014-7230)"> OVAL Reference oval:org.mitre.oval:def:28233 - CERT Civis.Net

Oval Definition:

oval:org.mitre.oval:def:28233

Revision Date:	2014-12-29	Version:	4
Title:	USN-2407-1 -- OpenStack Nova vulnerabilities
Description:	Garth Mollett discovered that OpenStack Nova did not properly clean up aninstance when using rescue mode with the VMWare driver. A removeauthenticated user could exploit this to bypass intended quota limits. Bydefault, Ubuntu does not use the VMWare driver. (CVE-2014-3608)Amrith Kumar discovered that OpenStack Nova did not properly sanitize logmessage contents. Under certain circumstances, a local attacker with readaccess to Nova log files could obtain access to sensitive information.(CVE-2014-7230)
Family:	unix	Class:	patch
Status:	ACCEPTED	Reference(s):	CVE-2014-3608 CVE-2014-7230 USN-2407-1
Platform(s):	Ubuntu 14.04	Product(s):	nova
Definition Synopsis
Ubuntu 14.04 is installed AND python-nova is earlier than 1:2014.1.3-0ubuntu1.1

BACK