Cloud Foundry BOSH Ubuntu Stemcell vulnerable to CVE-2013-2094 exploits
Severity: High
Vendor: Cloud Foundry by Pivotal
Versions Affected:
- Any open source deployment based on a Cloud Foundry BOSH provided stemcell stable version 2175 and lower.
- Earlier unsupported versions may be affected
- Pivotal CF 1.0
Description:
Cloud Foundry BOSH uses Ubuntu as the underlying operating system for Cloud Foundry. CVE-2013-2094 describes a Linux kernel vulnerability by which an unauthorized user could gain root access. Any Cloud Foundry deployment that uses the Ubuntu-based stemcell with Cloud Foundry BOSH (including Pivotal CF 1.0 and earlier versions, as well as open source deployments) could be affected by this vulnerability.
Mitigation:
Open source users of affected versions should download and deploy a BOSH stemcell at stable version 2200 or higher, or stemcell stable version 1471.2.
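The following is an added example, not part of the original advisory or of BOSH itself: a small audit that sorts a deployment inventory by the version boundaries stated above. The deployment names and the inventory are constructed, and it assumes that versions the advisory does not mention (2176 to 2199, and point releases other than 1471.2) should be reported as "unlisted" for manual review rather than guessed.

```python
import re

AFFECTED_MAX = 2175      # advisory: stable version 2175 and lower is affected
FIXED_MIN = 2200         # advisory: stable version 2200 and higher is fixed
FIXED_POINT = "1471.2"   # advisory: the one point release named as fixed


def classify_stemcell(version):
    """Return 'fixed', 'affected' or 'unlisted' for a stemcell version string."""
    v = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)?", v):
        raise ValueError(f"unrecognised stemcell version: {version!r}")
    if v == FIXED_POINT:
        return "fixed"
    if "." in v:
        # Assumption: other point releases are not covered by the advisory text.
        return "unlisted"
    major = int(v)
    if major <= AFFECTED_MAX:
        return "affected"
    if major >= FIXED_MIN:
        return "fixed"
    return "unlisted"    # 2176-2199: the advisory makes no statement


def audit(inventory):
    """Map each deployment name to its status; anything not 'fixed' needs review."""
    return {name: classify_stemcell(ver) for name, ver in inventory}


# Constructed inventory (deployment names are hypothetical).
SAMPLE_INVENTORY = [
    ("cf-prod", "2175"),
    ("cf-staging", "2200"),
    ("cf-legacy", "1471.2"),
    ("cf-dev", "1471"),
    ("cf-lab", "2180"),
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name:12} {status}")
```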
Credit:
This issue was discovered and reported responsibly to the Pivotal security team by Christopher Ferris of IBM.