Test ID:	1.3.6.1.4.1.25623.1.0.841300
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1709-1)
Summary:	The remote host is missing an update for the 'nova' package(s) announced via the USN-1709-1 advisory.
Description:	Summary: The remote host is missing an update for the 'nova' package(s) announced via the USN-1709-1 advisory. Vulnerability Insight: Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes. Affected Software/OS: 'nova' package(s) on Ubuntu 11.10, Ubuntu 12.04, Ubuntu 12.10. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0208 51963 http://secunia.com/advisories/51963 51992 http://secunia.com/advisories/51992 57613 http://www.securityfocus.com/bid/57613 89661 http://osvdb.org/89661 RHSA-2013:0208 http://rhn.redhat.com/errata/RHSA-2013-0208.html USN-1709-1 http://www.ubuntu.com/usn/USN-1709-1 [oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208) http://www.openwall.com/lists/oss-security/2013/01/29/9 https://bugs.launchpad.net/nova/+bug/1069904 https://bugzilla.redhat.com/show_bug.cgi?id=902629 https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad nova-volume-security-bypass(81697) https://exchange.xforce.ibmcloud.com/vulnerabilities/81697
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.