oss-sec mailing list archives

CVE request for vulnerability in OpenStack Nova

From: Jeremy Stanley <jeremy () openstack org>
Date: Mon, 13 Oct 2014 19:11:13 +0000

A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public,
although an advisory was not sent yet.

Title: Nova VMware driver may connect VNC to another tenant's console
Reporter: Marcio Roberto Starke
Products: Nova
Versions: up to 2014.1.3

Description:
Marcio Roberto Starke reported a vulnerability in the Nova VMware
driver. A race condition in its VNC port allocation may cause it to
connect the wrong console if instances are created concurrently. By
repeatedly spawning new instances, an authenticated user may be able
to gain unauthorized console access to instances belonging to other
tenants. Only Nova setups using the VMware driver and the VNC proxy
service are affected.

References:
https://launchpad.net/bugs/1357372

Thanks in advance,

-- 
Jeremy Stanley
OpenStack Vulnerability Management Team

Attachment: signature.asc
Description: Digital signature

Current thread:

CVE request for vulnerability in OpenStack Nova Jeremy Stanley (Oct 13)
- Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 13)
- <Possible follow-ups>
- CVE request for vulnerability in OpenStack Nova Tristan Cacqueray (Oct 20)
  - Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 21)