Comment 57 for bug 1069904

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/folsom)

Reviewed: https://review.openstack.org/20699
Committed: http://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad
Submitter: Jenkins
Branch: stable/folsom

commit 317cc0af385536dee43ef2addad50a91357fc1ad
Author: Vishvananda Ishaya <email address hidden>
Date: Thu Jan 24 10:07:33 2013 +0000

    disallow boot from volume from specifying arbitrary volumes

    Fix a vulnerability in volume attachment in nova-volume, affecting the
    boot-from-volume feature. By passing a specific volume ID, an
    authenticated user may be able to boot from a volume they don't own,
    potentially resulting in full access to that 3rd-party volume.
    Folsom setups making use of Cinder are not affected.

    Fixes bug: 1069904, CVE-2013-0208
    Change-Id: I5f7c8d20d3ebf33ce1ce64bf0a8418bd2b5a6411
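
The class of check the commit message describes, as an added example that is not nova's code and is not taken from the commit: every volume ID named in a boot request is resolved against the requesting project before anything is attached. All names here (`Volume`, `VOLUMES`, `get_volume_unscoped`, `get_volume_scoped`, `validate_boot_volumes`, the tenant and volume IDs) are hypothetical, and the volume table is constructed sample data.

```python
from dataclasses import dataclass


class VolumeNotFound(Exception):
    """Raised for a missing volume and for one the caller does not own."""


@dataclass(frozen=True)
class Volume:
    id: str
    project_id: str


# Constructed sample data: two tenants with one volume each.
VOLUMES = {
    "vol-a": Volume("vol-a", "tenant-a"),
    "vol-b": Volume("vol-b", "tenant-b"),
}


def get_volume_unscoped(volume_id):
    """'Before' pattern: lookup by ID alone, with no notion of the caller."""
    return VOLUMES[volume_id]


def get_volume_scoped(project_id, volume_id):
    """Lookup bound to the caller's project.

    A missing volume and a volume owned by another project raise the same
    error, so the response does not confirm that a foreign ID exists.
    """
    vol = VOLUMES.get(volume_id)
    if vol is None or vol.project_id != project_id:
        raise VolumeNotFound(volume_id)
    return vol


def validate_boot_volumes(project_id, block_device_mapping):
    """Resolve every volume in a boot request before any attach happens."""
    resolved = []
    for bdm in block_device_mapping:
        volume_id = bdm.get("volume_id")
        if volume_id is None:  # entry does not reference a volume
            continue
        resolved.append(get_volume_scoped(project_id, volume_id))
    return resolved
```

Running the validation over the whole mapping first means a request that mixes owned and foreign volume IDs is rejected before any of its volumes is attached.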