Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 14 Oct 2014 01:01:53 -0400 (EDT)
Subject: Re: CVE request for vulnerability in OpenStack Nova

Hash: SHA1

> Title: Nova VMware driver may connect VNC to another tenant's console
> Products: Nova
> Versions: up to 2014.1.3
> Marcio Roberto Starke reported a vulnerability in the Nova VMware
> driver. A race condition in its VNC port allocation may cause it to
> connect the wrong console if instances are created concurrently. By
> repeatedly spawning new instances, an authenticated user may be able
> to gain unauthorized console access to instances belonging to other
> tenants. Only Nova setups using the VMware driver and the VNC proxy
> service are affected.
> References:

> When spawning some instances, nova VMware driver could have a race
> condition in VNC port allocation. Although the get_vnc_port function
> has a lock it not guarantee that the whole vnc port allocation process
> is locked, so another instance could receive the same port if it
> requests the VNC port before nova has finished the vnc port allocation
> to another VM.
> If the instances with the same VNC port are allocated in same host it
> could lead to a improper access to the instance console.
> Reproduce the problem: Launch two or more instances at same time. In
> some cases one instance could execute the get_vnc_port and pick a port
> but before this instance has finished the _set_vnc_config another
> instance could execute get_vnc_port and pick the same port.

> it looks like something an attacker could probably leverage repetition
> to eventually exploit

Use CVE-2014-8750.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]
Version: GnuPG v1.4.14 (SunOS)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.