OpenStack Nova Information Leak Vulnerability (CVE-2014-3517)
Release date:
Updated on:
Affected Systems:
Openstack Nova
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68710
CVE (CAN) ID: CVE-2014-3517
OpenStack Compute (Nova) is a cloud computing constructor written in Python and is part of the laaS system.
OpenStack Nova has the scheduled attack vulnerability in implementation. By analyzing the response time of the Instance metadata request, attackers can guess the valid instance ID signature, which allows attackers to access the configuration information of other instances.
OpenStack Nova Image Processing Mechanism and Cache Mechanism
Install and configure OpenStack Nova on Ubuntu
Install and configure OpenStack Nova on CentOS
Install OpenStack Nova in CentOS 6.4
<* Source: Alex Gaynor
Link: https://bugzilla.redhat.com/show_bug.cgi? Id = 1112499
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Openstack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://lists.openstack.org/pipermail/openstack-announce/
This article permanently updates the link address: