Launchpad CVE tracker

CVE 2014-3641

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

Related bugs and status

CVE-2014-3641 (Candidate) is related to these bugs:

Bug #1350504: [OSSA 2014-033] GlusterFS driver uses unsafe qcow2 format detection (CVE-2014-3641)

		In	Importance	Status
1350504	[OSSA 2014-033] GlusterFS driver uses unsafe qcow2 format detection (CVE-2014-3641)	Cinder	High	Fix Released
1350504	[OSSA 2014-033] GlusterFS driver uses unsafe qcow2 format detection (CVE-2014-3641)	OpenStack Security Advisory	High	Fix Released
1350504	[OSSA 2014-033] GlusterFS driver uses unsafe qcow2 format detection (CVE-2014-3641)	Cinder icehouse	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-3641

References