Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Alex Gaynor discovered that OpenStack Nova would sometimes respond
with variable times when comparing authentication tokens. If nova were
configured to proxy metadata requests via Neutron, a remote
authenticated attacker could exploit this to conduct timing attacks
and ascertain configuration details of another instance.
Update the affected python-nova package.
Risk factor :
Medium / CVSS Base Score : 4.3
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 77325 ()
CVE ID: CVE-2014-3517
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.