Ubuntu 14.04 LTS : nova vulnerabilities (USN-2407-1)

Low Nessus Plugin ID 79213


The remote Ubuntu host is missing a security-related patch.


Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMware driver. A remove authenticated user could exploit this to bypass intended quota limits.
By default, Ubuntu does not use the VMware driver. (CVE-2014-3608)

Amrith Kumar discovered that OpenStack Nova did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Nova log files could obtain access to sensitive information. (CVE-2014-7230).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected python-nova package.

Plugin Details

Severity: Low

ID: 79213

File Name: ubuntu_USN-2407-1.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2014/11/12

Modified: 2016/05/24

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.7

Temporal Score: 2.2

Vector: CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:python-nova, cpe:/o:canonical:ubuntu_linux:14.04

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/11/11

Reference Information

CVE: CVE-2014-3608, CVE-2014-7230

OSVDB: 104855, 112366

USN: 2407-1