Ubuntu Update For Nova USN-2325-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy metadata requests via Neutron, a remote authenticated attacker could exploit this to conduct timing attacks and ascertain configuration details of another instance.

Affected

nova on Ubuntu 14.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-August/002635.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3517

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for cinder USN-2405-1
Ubuntu Update for compiz-fusion-plugins-main vulnerability USN-688-1
Ubuntu Update for clamav vulnerabilities USN-945-1
Ubuntu Update for acpi-support USN-2297-1
Ubuntu Update for apache2 USN-1368-1

Ubuntu Update for nova USN-2325-1

Take action and discover your vulnerabilities