nova: CVE-2013-7048: Nova live snapshots use an insecure local directory

Debian Bug report logs - #732022
nova: CVE-2013-7048: Nova live snapshots use an insecure local directory

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: nova: CVE-2013-7048: Nova live snapshots use an insecure local directory

Date: Thu, 12 Dec 2013 17:07:39 +0100

Package: nova
Version: 2013.1.3-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

So here is one more of the CVE's not checked yet from
security-tracker. Wheezy does not seem affected to this.

the following vulnerability was published for nova.

CVE-2013-7048[0]:
Nova live snapshots use an insecure local directory

Daniel Berrange from Red Hat reported that the directories used to
temporarily store live snapshots on Nova compute nodes were writeable
to all local users. A local attacker with shell access on compute
nodes could therefore read and modify the contents of live snapshots
before those are uploaded to the image service.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048
    http://security-tracker.debian.org/tracker/CVE-2013-7048
[1] https://bugs.launchpad.net/nova/+bug/1227027

Regards,
Salvatore

Message #10 received at 732022-close@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>

To: 732022-close@bugs.debian.org

Subject: Bug#732022: fixed in nova 2013.2.1-1

Date: Wed, 18 Dec 2013 11:49:40 +0000

Source: nova
Source-Version: 2013.2.1-1

We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 732022@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated nova package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 16 Dec 2013 16:33:25 +0800
Source: nova
Binary: python-nova nova-common nova-compute nova-compute-lxc nova-compute-uml nova-compute-qemu nova-compute-kvm nova-conductor nova-cert nova-scheduler nova-volume nova-api nova-network nova-console nova-consoleauth nova-doc nova-cells nova-baremetal nova-consoleproxy
Architecture: source all
Version: 2013.2.1-1
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description: 
 nova-api   - OpenStack Compute - compute API frontend
 nova-baremetal - Openstack Compute - baremetal virt
 nova-cells - Openstack Compute - cells
 nova-cert  - OpenStack Compute - certificate manager
 nova-common - OpenStack Compute - common files
 nova-compute - OpenStack Compute - compute node
 nova-compute-kvm - OpenStack Compute - compute node (KVM)
 nova-compute-lxc - OpenStack Compute - compute node (LXC)
 nova-compute-qemu - OpenStack Compute - compute node (QEmu)
 nova-compute-uml - OpenStack Compute - compute node (UserModeLinux)
 nova-conductor - OpenStack Compute - conductor service
 nova-console - OpenStack Compute - console
 nova-consoleauth - OpenStack Compute - Console Authenticator
 nova-consoleproxy - OpenStack Compute - NoVNC proxy
 nova-doc   - OpenStack Compute - documentation
 nova-network - OpenStack Compute - network manager
 nova-scheduler - OpenStack Compute - virtual machine scheduler
 nova-volume - OpenStack Compute - storage metapackage
 python-nova - OpenStack Compute - libraries
Closes: 732022 732206 732267
Changes: 
 nova (2013.2.1-1) unstable; urgency=high
 .
   * New upstream release (Closes: #732022). This fixes: CVE-2013-7048: Nova
     live snapshots use an insecure local directory and CVE-2013-6419:
     Metadata queries from Neutron to Nova are not restricted by tenant.
   * Added | cut -d" " -f1 when searching for the default gateway interface,
     in the nova-common.config script that tries to guess the "my_ip" address,
     just in case there's more than one interface in use (in which case it may
     fail in non-interactive mode).
   * Updates the French debconf translation which was broken, thanks to our
     cheesemaster for the update (Closes: #732267).
   * Updates the Spanish debconf translation, thanks to jathan
     <jathanblackred@gmail.com> for this update (Closes: #732206).
   * Fixes requirement.txt patch (upstream now includes the python-six fix).
   * Removes patch applied upstream:
     CVE-2013-4463_CVE-2013-4469_ensure_we_dont_boot_oversized_image.patch
   * Fix typoe in libvirt_vif_driver (had Hybird instead of Hybrid).
   * Updates (build-)depends version of python-six (>= 1.4.1) and
     python-iso8601 (>= 0.1.8).
   * Removed python-argparse from python-nova depends.
Checksums-Sha1: 
 a40092be4e764eacb385f4ef1267048b31e43af1 4540 nova_2013.2.1-1.dsc
 d0ac681fdb773b118c380cc77804cbf152803768 2875916 nova_2013.2.1.orig.tar.xz
 de7be9329ab82c20c937798eb0c3a8868823b32d 79095 nova_2013.2.1-1.debian.tar.gz
 d7fab6d76867fab9d80dbd4ab503c59a2ef94967 1637046 python-nova_2013.2.1-1_all.deb
 569a2c4311d67f6e98ad27c89d7a3dc950aad7ef 46082 nova-common_2013.2.1-1_all.deb
 940322d118fee94c911997e615436547d92d78a2 18856 nova-compute_2013.2.1-1_all.deb
 635e1b9d54465a189bb2909bbb7bba4196cc78c2 14210 nova-compute-lxc_2013.2.1-1_all.deb
 5295f1fdfa6f1673113db11aa78ea9bd0bfecefb 14232 nova-compute-uml_2013.2.1-1_all.deb
 36822ba121065bf005a43807b392965db45055c6 14220 nova-compute-qemu_2013.2.1-1_all.deb
 7f8c44be0f9102fcf37e41af3bcf36aaae3f9862 14296 nova-compute-kvm_2013.2.1-1_all.deb
 bc41652e544035209ff284bbe306455d0d230d43 16572 nova-conductor_2013.2.1-1_all.deb
 c1113059b6f6d1ca5e7cf123dec6200d728358c6 16672 nova-cert_2013.2.1-1_all.deb
 419e53992594c74a501d846da8f14cf2dc13b410 17682 nova-scheduler_2013.2.1-1_all.deb
 f8fabf152b736df0ddda72f23a1d4d614664af52 13874 nova-volume_2013.2.1-1_all.deb
 ec833ddfd9c65f580a439b84cf4e0316a77a9dd1 29574 nova-api_2013.2.1-1_all.deb
 dbab0b807a5763c7d643953d36b0220ca79b9e98 18750 nova-network_2013.2.1-1_all.deb
 589d35e5d6d6fe22af0b03719eddb56d84a7dda9 16690 nova-console_2013.2.1-1_all.deb
 b91bccd37782c2fba10c448a403f7faa04fdfbd3 16676 nova-consoleauth_2013.2.1-1_all.deb
 c7634c84da799a12a66eab81bcab9938820dbfe9 1043386 nova-doc_2013.2.1-1_all.deb
 396d711b95df480c2952494af67807dbf2c027be 15660 nova-cells_2013.2.1-1_all.deb
 3b0e64ef870b0cd63ef4b5e81e292795f169d3f6 16002 nova-baremetal_2013.2.1-1_all.deb
 6612b4f6e5f03bc5d3298108e0d41ab9a5af10cc 21424 nova-consoleproxy_2013.2.1-1_all.deb
Checksums-Sha256: 
 4ee71e9edc925c53419119b90153d913bdd3b98d4be57d7e62faecdef2f36d52 4540 nova_2013.2.1-1.dsc
 99847c84b6ae16ba44eb81b4d9eddc77fffaeb519f9bf771dd22392906460a7e 2875916 nova_2013.2.1.orig.tar.xz
 cef70dc46d876fdeea01e61cc944dc6cf1498bf20bbc90a30e3d67884c977fd3 79095 nova_2013.2.1-1.debian.tar.gz
 dd794466f08f92200390d2b401de8f38c6b00aebc46f8c026924546347d4c865 1637046 python-nova_2013.2.1-1_all.deb
 e840f41c855f345074a2f50b760d019ba3d80094439ca5219eae092da326d67d 46082 nova-common_2013.2.1-1_all.deb
 56b5eae5431bcf9a35dd2351c965a9a54a8bbaa5fa5785e0bf8455d472911d78 18856 nova-compute_2013.2.1-1_all.deb
 578a32f44c2a78ded931717979c9c48f3aae59d213b0c7a1b2c9566dd4cd9ad3 14210 nova-compute-lxc_2013.2.1-1_all.deb
 9fb5cd170840fce71c88c7c46839aae679ee8596445520b7e40237d8c957330c 14232 nova-compute-uml_2013.2.1-1_all.deb
 f85df7d5cb926fc44e56642435c007d19ed2e1e4675db63c22a766f3279a5f6b 14220 nova-compute-qemu_2013.2.1-1_all.deb
 0f00e92ede25894997b89cc0e191c3e7c6a5b4ff29b51e3be013feea956aa5a2 14296 nova-compute-kvm_2013.2.1-1_all.deb
 7464c0a4e0be2e80c4bb59501fc97cfd937902a5d6525f8880046def2bc1b884 16572 nova-conductor_2013.2.1-1_all.deb
 768b0b4b4b576fce51eb2a7251492251c796f51b5e75294254523f3dbb1f5190 16672 nova-cert_2013.2.1-1_all.deb
 737a9f45d1b5d1ed1a462dc72681eab36afa5a08ba2c8419dad4a0a24b1643ad 17682 nova-scheduler_2013.2.1-1_all.deb
 78bb76473c71ebb735398024b75ebfa4644f45dcc530478d0151c225641ced60 13874 nova-volume_2013.2.1-1_all.deb
 39c8cb91c04ac13cb6a2432957b951e13114584121508c7b1c1cadf4b881ae3a 29574 nova-api_2013.2.1-1_all.deb
 d40500707485488de1ef38f01aa75be2a7168c86bc6a0bb9cc60d6a15f90a642 18750 nova-network_2013.2.1-1_all.deb
 28a8ba262d0226d56e79c0b0c06edf249db2d23979dda37526b33d1b9516972e 16690 nova-console_2013.2.1-1_all.deb
 684050a34cd428757fe7fb86d7a975fe2d5694f6099b1e40c05313a7ffa18bee 16676 nova-consoleauth_2013.2.1-1_all.deb
 e4a69230c949a11d2ff5df7f7f484d505709712dea5c24ec07ec621ba195765d 1043386 nova-doc_2013.2.1-1_all.deb
 ce75803f6cddeeb0aada629b1c53314b50f9d7085bbb0468f947e79e8c2182f8 15660 nova-cells_2013.2.1-1_all.deb
 354eba63e026097d4aea084335c88c166b9f61f2d2120e3e8fd2aecdae3979cb 16002 nova-baremetal_2013.2.1-1_all.deb
 9362aa9279077011a8f4dde3b373d337994fa72301d951ca06758320e49d63b7 21424 nova-consoleproxy_2013.2.1-1_all.deb
Files: 
 f8688bcc12928ed94d80f0d81d1b002d 4540 net extra nova_2013.2.1-1.dsc
 97bef804da08c480118105de8c38c409 2875916 net extra nova_2013.2.1.orig.tar.xz
 236143682733527fabd5f99b3b136ada 79095 net extra nova_2013.2.1-1.debian.tar.gz
 eb3cbb174d4e7be0baeb187852b21efc 1637046 python extra python-nova_2013.2.1-1_all.deb
 97a0e923fef6de735065c89d545210a0 46082 net extra nova-common_2013.2.1-1_all.deb
 f79ef881c684c47d48cb36b5d910fad9 18856 net extra nova-compute_2013.2.1-1_all.deb
 5608b8a0539f5af389012aa8da1edb73 14210 net extra nova-compute-lxc_2013.2.1-1_all.deb
 d40f4d1323eb8703763c804950968862 14232 net extra nova-compute-uml_2013.2.1-1_all.deb
 a460964ac77058af6479ddc7a40dcbad 14220 net extra nova-compute-qemu_2013.2.1-1_all.deb
 89ae23c1182e8e18378c0e7eb2a1e3a0 14296 net extra nova-compute-kvm_2013.2.1-1_all.deb
 17c6ce5cfa60d39a4c4b9229807dd03c 16572 net extra nova-conductor_2013.2.1-1_all.deb
 33d5caf930b0cf58ac079c3e94a88c2f 16672 net extra nova-cert_2013.2.1-1_all.deb
 db3954ffa9b6c3b0fd8528af5251e3d1 17682 net extra nova-scheduler_2013.2.1-1_all.deb
 aa3fdc83b0ecede46e7aa4e2b39bd25b 13874 oldlibs extra nova-volume_2013.2.1-1_all.deb
 5031a7afade5ebe0c124721cba3a87f6 29574 net extra nova-api_2013.2.1-1_all.deb
 edbd19b66fa54fcf93ead75dd2d3d381 18750 net extra nova-network_2013.2.1-1_all.deb
 09718f4b4f5aa2e4721e2050ff3377ff 16690 net extra nova-console_2013.2.1-1_all.deb
 2ff4e13d526a49103de36d08a609bd03 16676 net extra nova-consoleauth_2013.2.1-1_all.deb
 67e89a60f023e14bd2469e202807ce57 1043386 doc extra nova-doc_2013.2.1-1_all.deb
 5f0776b08a2396e3e02615cef6953661 15660 net extra nova-cells_2013.2.1-1_all.deb
 1b390ef12ae46eabb14fa99cdfe7c367 16002 net extra nova-baremetal_2013.2.1-1_all.deb
 9a136c306f569590b8323ba2063c74a6 21424 net extra nova-consoleproxy_2013.2.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBCAAGBQJSsYghAAoJENQWrRWsa0P+AzEP/0fX8X4Sk1QkNXnQBR76iKhK
4dO+fLaU381LOPmMgWCAXDm6/MwbPtyOD+Kslj/ZZQ+qeV12WQCx1AUZDKs/zRR4
SD3Shz0O5BRuMYZS7FhbXGRK60jfOxw0ERbv72RHOFPqcfGk7hKiNfOLWDxn2FXC
AGHU7hF5MGIYeAcUNn5i7NAyG7gQZteEi4lCA675iQ5detjp0xPtL+26mqcZOiJV
tQhB//JD06XEij8RxM+EGi5o5feQjyaC0ylljTHv127EY5EZq5WOCw5XDAjzjTdh
GopaX0ulfTnkRTxpEHee2dPw0XSzKs1zwtUzkn6MXFbfuCKfpTOkGuV7bS5860mT
6CtcJgWDfD8yXef4AP4GcTOmpZMgsIRfu7xZlQhHIakyp1M1E0oy0i3HmZxHb9AE
RM6Nv0z6cMetPAGaHU7G2JbVLHZ0xzxmHwKh4vcmKw+wpw/dTxDy/tT1IzqxIm7I
H+M6zQ9XogfoPke9w3YuF1fkJveF2Yf+F6a7eSj5CpNI0Ag9IVsLYYWEKybSILvK
OSWWHd9ogEzoH7bIuKebU2aJVaPKH5zb8KSku/xHwII6vCmaMTiHTtcvkxXk0l+i
34TFpMi1PICBREOQcp5JafwBom6982WQ9puRb9iCf1W+DUqoWwNpdX+dpTEPxJ5a
wAr6jluIGQPdUPxgZiYA
=2S6g
-----END PGP SIGNATURE-----

Message #23 received at 732022@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 732022@bugs.debian.org

Subject: Re: Bug#732022 closed by Thomas Goirand <zigo@debian.org> (Bug#732022: fixed in nova 2013.2.1-1)

Date: Fri, 14 Feb 2014 07:01:37 +0100

Hi,

On Wed, Dec 18, 2013 at 11:51:16AM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the nova package:
> 
> #732022: nova: CVE-2013-7048: Nova live snapshots use an insecure local directory
> 
> It has been closed by Thomas Goirand <zigo@debian.org>.

From https://wiki.openstack.org/wiki/ReleaseNotes/2013.2.2 and looking
at nova/virt/libvirt/driver.py this looks it is fixed only in
2013.2.2.

I have adjusted the severity though, as this if I understand it
correctly needs shell access to a nova compute-node to be exploited.

Regards,
Salvatore

Message #30 received at 732022-done@bugs.debian.org (full text, mbox, reply):

From: Thomas Goirand <zigo@debian.org>

To: 732022-done@bugs.debian.org

Subject: This is fixed in 2014.1

Date: Wed, 30 Apr 2014 17:00:05 +0800

This is fixed in 2014.1

Send a report that this bug log contains spam.