Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Ubuntu 11.10 Critical: USN-1305-1 Nova File Overwrite Issue

ubuntu
Calendar Grey December 13, 2011
Scroller Ubuntu
The Nova vulnerability in Ubuntu 11.10 presents serious risks tied to data overwrite, allowing potential unauthorized access to sensitive data. Users must urgently install the latest Canonical updates that include vital patches to shield their systems. Administrators should perform complete system audits and confirm that robust security measures are in place to defend against these exploits
Nova could be made to overwrite files.

Summary

Nova could be made to overwrite files.

Software Description:

- nova: OpenStack Compute cloud infrastructure

Details:

David Black discovered that Nova did not properly perform input validation

during image registration. An attacker could exploit this by registering a

crafted image using the EC2 API or S3/RegisterImage method and overwrite

files as the nova user.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  python-nova                     2011.3-0ubuntu6.3

In general, a standard system update will make all the necessary changes.

References

CVE-2011-4596

Severity
critical
Lowest
Low
Medium
High
Critical

December 13, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.