Test ID:	1.3.6.1.4.1.25623.1.1.12.2013.1771.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1771-1)
Summary:	The remote host is missing an update for the 'nova' package(s) announced via the USN-1771-1 advisory.
Description:	Summary: The remote host is missing an update for the 'nova' package(s) announced via the USN-1771-1 advisory. Vulnerability Insight: Loganathan Parthipan discovered that Nova did not properly validate VNC tokens after an instance was deleted. An authenticated attacker could exploit this to access other virtual machines under certain circumstances. This issue did not affect Ubuntu 11.10. (CVE-2013-0335) Vish Ishaya discovered that Nova did not always enforce quotas on fixed IPs. An authenticated attacker could exploit this to cause a denial of service via resource consumption. Nova will now enforce a quota limit of 10 fixed IPs per instance, which is configurable via 'quota_fixed_ips' in /etc/nova/nova.conf. (CVE-2013-1838) Affected Software/OS: 'nova' package(s) on Ubuntu 11.10, Ubuntu 12.04, Ubuntu 12.10. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0335 52337 http://secunia.com/advisories/52337 52728 http://secunia.com/advisories/52728 90657 http://www.osvdb.org/90657 RHSA-2013:0709 http://rhn.redhat.com/errata/RHSA-2013-0709.html USN-1771-1 http://www.ubuntu.com/usn/USN-1771-1 [oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335) http://www.openwall.com/lists/oss-security/2013/02/26/7 https://bugs.launchpad.net/nova/+bug/1125378 https://review.openstack.org/#/c/22086/ https://review.openstack.org/#/c/22758 https://review.openstack.org/#/c/22872/ Common Vulnerability Exposure (CVE) ID: CVE-2013-1838 52580 http://secunia.com/advisories/52580 58492 http://www.securityfocus.com/bid/58492 91303 http://osvdb.org/91303 http://ubuntu.com/usn/usn-1771-1 [openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838) https://lists.launchpad.net/openstack/msg21892.html [oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838) http://www.openwall.com/lists/oss-security/2013/03/14/18 https://bugs.launchpad.net/nova/+bug/1125468 https://bugzilla.redhat.com/show_bug.cgi?id=919648 https://review.openstack.org/#/c/24451/ https://review.openstack.org/#/c/24452/ https://review.openstack.org/#/c/24453/ nova-fixedips-dos(82877) https://exchange.xforce.ibmcloud.com/vulnerabilities/82877
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.