Date: Wed, 11 Dec 2013 15:44:18 +0000
From: Jeremy Stanley <jeremy@...nstack.org>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2013-033] Metadata queries from Neutron to Nova are not restricted by tenant (CVE-2013-6419)

OpenStack Security Advisory: 2013-033
CVE: CVE-2013-6419
Date: December 11, 2013
Title: Metadata queries from Neutron to Nova are not restricted by tenant
Reporter: Aaron Rosen (VMware)
Products: Neutron, Nova
Affects: All supported releases

Description:
Aaron Rosen from VMware reported a vulnerability in the metadata access from OpenStack Neutron to Nova. Because of a missing authorization check on port binding, by guessing an instance_id a tenant may retrieve another tenant's metadata resulting in information disclosure. Only OpenStack setups running neutron-metadata-agent are affected.

Icehouse (development branch) fix:
https://review.openstack.org/61439 (neutron)
https://review.openstack.org/61428 (nova)

Havana fix:
https://review.openstack.org/61442 (neutron)
https://review.openstack.org/61435 (nova)

Grizzly fix:
https://review.openstack.org/61443 (neutron)
https://review.openstack.org/61437 (nova)

Notes:
This fix will be included in the icehouse-2 development milestone and in a future 2013.2.1 release.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419
https://launchpad.net/bugs/1235450

--
Jeremy Stanley
OpenStack Vulnerability Management Team
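
Added example, not part of the advisory and not Neutron or Nova code: a simplified model of a metadata lookup keyed on instance_id alone, next to one that also requires the instance to belong to the requesting tenant. All names, the in-memory store and the sample records are hypothetical and constructed for illustration; it assumes the requester's tenant id is established by the trusted network side, not supplied by the guest.

```python
# Added illustration; a simplified model, not Neutron or Nova code.
# Every name and record below is hypothetical / constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Instance:
    instance_id: str
    tenant_id: str
    metadata: dict


# Constructed sample data: two tenants, one instance each.
INSTANCES = {
    i.instance_id: i
    for i in (
        Instance("inst-aaaa", "tenant-a", {"hostname": "a-web-1"}),
        Instance("inst-bbbb", "tenant-b", {"hostname": "b-db-1"}),
    )
}

# Denied cross-tenant lookups, kept so they can be alerted on.
DENIED = []


def lookup_unrestricted(instance_id: str) -> Optional[dict]:
    """Behaviour the advisory describes: instance_id alone selects the record."""
    inst = INSTANCES.get(instance_id)
    return inst.metadata if inst else None


def lookup_tenant_scoped(instance_id: str,
                         requester_tenant_id: Optional[str]) -> Optional[dict]:
    """Return metadata only if the instance belongs to the requesting tenant.

    Unknown instance, missing tenant and tenant mismatch all return None,
    so the response does not confirm that a guessed instance_id exists.
    """
    inst = INSTANCES.get(instance_id)
    if inst is None or not requester_tenant_id:
        return None  # fail closed when the tenant context is absent
    if inst.tenant_id != requester_tenant_id:
        DENIED.append((requester_tenant_id, instance_id))
        return None
    return inst.metadata
```
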