Ubuntu 14.04 LTS : nova vulnerabilities (USN-2407-1)
Low Nessus Plugin ID 79213
SynopsisThe remote Ubuntu host is missing a security-related patch.
DescriptionGarth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMware driver. A remove authenticated user could exploit this to bypass intended quota limits.
By default, Ubuntu does not use the VMware driver. (CVE-2014-3608)
Amrith Kumar discovered that OpenStack Nova did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Nova log files could obtain access to sensitive information. (CVE-2014-7230).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected python-nova package.