CVE-2013-0335

Severity

60%

Complexity

68%

Confidentiality

106%

Per http://www.ubuntu.com/usn/USN-1771-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10"

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

Per http://www.ubuntu.com/usn/USN-1771-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10"

CVSS 2.0 Base Score 6. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).

Overview

First reported 11 years ago

2013-03-22 21:55:00

Last updated 11 years ago

2013-06-05 03:40:00

Affected Software

OpenStack Compute (Essex) 2012.1

2012.1

OpenStack Folsom 2012.2

2012.2

Canonical Ubuntu Linux 11.10

11.10

Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)

12.04

Canonical Ubuntu Linux 12.10

12.10

References

RHSA-2013:0709

52337

Vendor Advisory

52728

Vendor Advisory

[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)

90657

USN-1771-1

https://bugs.launchpad.net/nova/+bug/1125378

https://review.openstack.org/#/c/22086/

https://review.openstack.org/#/c/22758

https://review.openstack.org/#/c/22872/

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.