Summary
Check the version of cinder
Solution
Please Install the Updated Packages.
Insight
Duncan Thomas discovered that OpenStack
Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. (CVE-2014-3641)
Amrith Kumar discovered that OpenStack Cinder did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Cinder log files could obtain access to sensitive information.
(CVE-2014-7230)
Affected
cinder on Ubuntu 14.04 LTS
Detection
Get the installed version with the help
of detect NVT and check if the version is vulnerable or not.
Severity
Classification
-
CVE CVE-2014-3641, CVE-2014-7230 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
Related Vulnerabilities