FKIE_CVE-2012-5625

Vulnerability from fkie_nvd - Published: 2012-12-26 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).
References
secalert@redhat.comhttp://osvdb.org/88419
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0208.html
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/12/11/5
secalert@redhat.comhttp://www.securityfocus.com/bid/56904
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1663-1Patch
secalert@redhat.comhttps://bugs.launchpad.net/nova/+bug/1070539
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=884293
secalert@redhat.comhttps://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5fPatch
secalert@redhat.comhttps://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354Patch
secalert@redhat.comhttps://launchpad.net/nova/folsom/2012.2.2
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/88419
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0208.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/12/11/5
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56904
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1663-1Patch
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/nova/+bug/1070539
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=884293
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5fPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354Patch
af854a3a-2127-422b-91ae-364da2661108https://launchpad.net/nova/folsom/2012.2.2
Impacted products
Vendor Product Version
openstack folsom 2012.2
openstack grizzly -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83ED744-9E3D-4510-B3E6-6DDE1090F0B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV)."
    },
    {
      "lang": "es",
      "value": "OpenStack Compute (Nova) Folsom antes de 2012.2.2 y Grizzly, cuando utiliza instancias con respaldo libvirt y LVM, no limpia adecuadamente el contenido del volumen f\u00edsico  (PV) cuando se reasignan las instancias, lo que permite a los atacantes obtener informaci\u00f3n sensible mediante la lectura de la memoria de la anterior volumen l\u00f3gico (LV).\r\n"
    }
  ],
  "id": "CVE-2012-5625",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-12-26T22:55:03.783",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/88419"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/12/11/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/56904"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1663-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/nova/+bug/1070539"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884293"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://launchpad.net/nova/folsom/2012.2.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/88419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/12/11/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/56904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1663-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/nova/+bug/1070539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/nova/folsom/2012.2.2"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.