CVE-2013-0335

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

Published: Mar 22, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-0335
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
openstack / essex	2012.1	2012.1.x
openstack / folsom	2012.2	2012.2.x
openstack / grizzly	2012.2	2012.2.x
canonical / ubuntu_linux	11.10	11.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x

http://rhn.redhat.com/errata/RHSA-2013-0709.html
http://secunia.com/advisories/52337
http://secunia.com/advisories/52728
http://www.openwall.com/lists/oss-security/2013/02/26/7
http://www.osvdb.org/90657
http://www.ubuntu.com/usn/USN-1771-1
https://bugs.launchpad.net/nova/+bug/1125378
https://review.openstack.org/#/c/22086/
https://review.openstack.org/#/c/22758
https://review.openstack.org/#/c/22872/

Vulnerability Database

289,697

CVE-2013-0335