CVE 2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_
Related bugs and status
CVE-2013-0208 (Candidate) is related to these bugs:
Bug #921774: snapshot stays in saving state if the vm base image is deleted
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 921774 | snapshot stays in saving state if the vm base image is deleted | OpenStack Compute (nova) | High | Fix Released | ||
| 921774 | snapshot stays in saving state if the vm base image is deleted | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 921774 | snapshot stays in saving state if the vm base image is deleted | nova (Ubuntu) | Undecided | Fix Released | ||
| 921774 | snapshot stays in saving state if the vm base image is deleted | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1004791: When attach volume lost attach when node restart
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1004791 | When attach volume lost attach when node restart | OpenStack Compute (nova) | High | Fix Released | ||
| 1004791 | When attach volume lost attach when node restart | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1004791 | When attach volume lost attach when node restart | nova (Ubuntu) | Undecided | Fix Released | ||
| 1004791 | When attach volume lost attach when node restart | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1026210: Nova flavor ephemeral space size reported incorrectly
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1026210 | Nova flavor ephemeral space size reported incorrectly | OpenStack Compute (nova) | Undecided | Fix Released | ||
| 1026210 | Nova flavor ephemeral space size reported incorrectly | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1026210 | Nova flavor ephemeral space size reported incorrectly | nova (Ubuntu) | Undecided | Fix Released | ||
| 1026210 | Nova flavor ephemeral space size reported incorrectly | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1040537: Bridge port's hairpin mode not set after resuming a machine
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1040537 | Bridge port's hairpin mode not set after resuming a machine | OpenStack Compute (nova) | High | Fix Released | ||
| 1040537 | Bridge port's hairpin mode not set after resuming a machine | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1040537 | Bridge port's hairpin mode not set after resuming a machine | nova (Ubuntu) | Undecided | Fix Released | ||
| 1040537 | Bridge port's hairpin mode not set after resuming a machine | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1043999: nova usage-list returns wrong usage
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1043999 | nova usage-list returns wrong usage | OpenStack Compute (nova) | High | Fix Released | ||
| 1043999 | nova usage-list returns wrong usage | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1043999 | nova usage-list returns wrong usage | nova (Ubuntu) | Undecided | Fix Released | ||
| 1043999 | nova usage-list returns wrong usage | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1045152: Heavily loaded nova-compute instances don't sent reports frequently enough
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1045152 | Heavily loaded nova-compute instances don't sent reports frequently enough | OpenStack Compute (nova) | High | Fix Released | ||
| 1045152 | Heavily loaded nova-compute instances don't sent reports frequently enough | oslo-incubator | High | Invalid | ||
| 1045152 | Heavily loaded nova-compute instances don't sent reports frequently enough | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1045152 | Heavily loaded nova-compute instances don't sent reports frequently enough | nova (Ubuntu) | Undecided | Fix Released | ||
| 1045152 | Heavily loaded nova-compute instances don't sent reports frequently enough | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1046313: At termination, LXC rootfs is not always unmounted before rmtree() is called
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1046313 | At termination, LXC rootfs is not always unmounted before rmtree() is called | OpenStack Compute (nova) | High | Fix Released | ||
| 1046313 | At termination, LXC rootfs is not always unmounted before rmtree() is called | OpenStack Compute (nova) essex | Undecided | Fix Released | ||
| 1046313 | At termination, LXC rootfs is not always unmounted before rmtree() is called | nova (Ubuntu) | Undecided | Fix Released | ||
| 1046313 | At termination, LXC rootfs is not always unmounted before rmtree() is called | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1050982: ensure_default_security_group() does not call sgh
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1050982 | ensure_default_security_group() does not call sgh | OpenStack Compute (nova) | High | Fix Released | ||
| 1050982 | ensure_default_security_group() does not call sgh | OpenStack Compute (nova) essex | High | Fix Released | ||
| 1050982 | ensure_default_security_group() does not call sgh | OpenStack Compute (nova) folsom | High | Fix Released | ||
| 1050982 | ensure_default_security_group() does not call sgh | nova (Ubuntu) | Undecided | Fix Released | ||
| 1050982 | ensure_default_security_group() does not call sgh | nova (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1050982 | ensure_default_security_group() does not call sgh | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1069904: [OSSA 2013-001] No authentication on block device used for os-volume_boot
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1069904 | [OSSA 2013-001] No authentication on block device used for os-volume_boot | OpenStack Compute (nova) | Undecided | Fix Released | ||
| 1069904 | [OSSA 2013-001] No authentication on block device used for os-volume_boot | OpenStack Compute (nova) folsom | High | Fix Released | ||
| 1069904 | [OSSA 2013-001] No authentication on block device used for os-volume_boot | nova (Debian) | Unknown | Fix Released | ||
| 1069904 | [OSSA 2013-001] No authentication on block device used for os-volume_boot | OpenStack Security Advisory | Undecided | Fix Released | ||
Bug #1075859: use_single_default_gateway does not function correctly
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1075859 | use_single_default_gateway does not function correctly | OpenStack Compute (nova) | Medium | Fix Released | ||
| 1075859 | use_single_default_gateway does not function correctly | OpenStack Compute (nova) folsom | Medium | Fix Released | ||
| 1075859 | use_single_default_gateway does not function correctly | nova (Ubuntu) | Undecided | Fix Released | ||
| 1075859 | use_single_default_gateway does not function correctly | nova (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1075859 | use_single_default_gateway does not function correctly | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1079745: Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes attached
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1079745 | Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes attached | OpenStack Compute (nova) | Undecided | Invalid | ||
| 1079745 | Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes attached | nova (Ubuntu) | Undecided | Fix Released | ||
| 1079745 | Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes attached | nova (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1089488: Meta bug for tracking Openstack Stable Updates
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | glance (Ubuntu) | Undecided | Fix Released | ||
Bug #1091939: nova-network applies too liberal a SNAT rule
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1091939 | nova-network applies too liberal a SNAT rule | nova (Ubuntu) | High | Fix Released | ||
| 1091939 | nova-network applies too liberal a SNAT rule | nova (Ubuntu Precise) | High | Fix Released | ||
| 1091939 | nova-network applies too liberal a SNAT rule | OpenStack Compute (nova) | Undecided | Invalid | ||
See the 
CVE page on Mitre.org
for more details.
