CVE-2013-0208

Severity

65%

Complexity

80%

Confidentiality

106%

Per http://www.ubuntu.com/usn/USN-1709-1/ A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10

The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.

Per http://www.ubuntu.com/usn/USN-1709-1/ A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

First reported 12 years ago

2013-02-13 16:55:00

Last updated 7 years ago

2017-08-29 01:33:00

Affected Software

OpenStack Folsom

Canonical Ubuntu Linux 11.10

11.10

Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)

12.04

Canonical Ubuntu Linux 12.10

12.10

References

89661

RHSA-2013:0208

51963

Vendor Advisory

51992

Vendor Advisory

[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)

57613

USN-1709-1

https://bugs.launchpad.net/nova/+bug/1069904

https://bugzilla.redhat.com/show_bug.cgi?id=902629

nova-volume-security-bypass(81697)

https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b

https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.