Date: Tue, 14 Oct 2014 14:50:08 +0000 From: Jeremy Stanley <jeremy@...nstack.org> To: oss-security@...ts.openwall.com Subject: [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750) OpenStack Security Advisory: 2014-035 CVE: CVE-2014-8750 Date: October 14, 2014 Title: Nova VMware driver may connect VNC to another tenant's console Reporter: Marcio Roberto Starke Products: Nova Versions: up to 2014.1.3 Description: Marcio Roberto Starke reported a vulnerability in the Nova VMware driver. A race condition in its VNC port allocation may cause it to connect the wrong console if instances are created concurrently. By repeatedly spawning new instances, an authenticated user may be able to gain unauthorized console access to instances belonging to other tenants. Only Nova setups using the VMware driver and the VNC proxy service are affected. Juno (development branch) fix: https://review.openstack.org/114548 Icehouse fix: https://review.openstack.org/126425 Notes: This fix was included in the 2014.2rc1 release candidate and will appear in a future 2014.1.4 stable point release. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8750 https://launchpad.net/bugs/1357372 -- Jeremy Stanley OpenStack Vulnerability Management Team Download attachment "signature.asc" of type "application/pgp-signature" (950 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ