Summary
Check the version of nova
Solution
Please Install the Updated Packages.
Insight
Garth Mollett discovered that OpenStack Nova
did not properly clean up an instance when using rescue mode with the VMWare driver.
A remove authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMWare driver. (CVE-2014-3608)
Amrith Kumar discovered that OpenStack Nova did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Nova log files could obtain access to sensitive information.
(CVE-2014-7230)
Affected
nova on Ubuntu 14.04 LTS
Detection
Get the installed version with the help
of detect NVT and check if the version is vulnerable or not.
Severity
Classification
-
CVE CVE-2014-3608, CVE-2014-7230 -
CVSS Base Score: 2.7
AV:A/AC:L/Au:S/C:N/I:N/A:P
Related Vulnerabilities