Bug 1039148 (CVE-2013-6419)

Summary:

CVE-2013-6419 OpenStack Neutron and Nova: Metadata queries from Neutron to Nova are not restricted by tenant

Product:

[Other] Security Response

Reporter:

Kurt Seifried <kseifried>

Component:

vulnerability

Assignee:

Red Hat Product Security <security-response-team>

Status:

CLOSED ERRATA

QA Contact:

Severity:

medium

Docs Contact:

Priority:

medium

Version:

unspecified

CC:

aortega, apevec, ayoung, chrisw, gkotton, gmollett, iheim, jruzicka, lhh, markmc, rbryant, sclewis, security-response-team, sradvan, yeylon

Target Milestone:

---

Keywords:

Security

Target Release:

---

Hardware:

All

OS:

Linux

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2014-07-15 07:13:08 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Bug Depends On:

1039154, 1039161

Bug Blocks:

1023240, 1039152

Attachments:

Description	Flags
cve-2013-6419-neutron-master-icehouse.patch	none
cve-2013-6419-neutron-stable-grizzly.patch	none
cve-2013-6419-neutron-stable-havana.patch	none
cve-2013-6419-nova-master-icehouse.patch	none
cve-2013-6419-nova-stable-grizzly.patch	none
cve-2013-6419-nova-stable-havana.patch	none

Description Kurt Seifried 2013-12-06 19:07:39 UTC

Jeremy Stanley of the OpenStack	Project	reports:

Aaron Rosen from VMware reported a vulnerability in the metadata
access from OpenStack Neutron to Nova. Because of a missing
authorization check on port binding, by guessing an instance_id a
tenant may retrieve another tenant's metadata resulting in
information disclosure. Only OpenStack setups running
neutron-metadata-agent are affected.

Comment 2 Kurt Seifried 2013-12-06 19:27:09 UTC

Created attachment 833732 [details]
cve-2013-6419-neutron-master-icehouse.patch

Comment 3 Kurt Seifried 2013-12-06 19:27:30 UTC

Created attachment 833733 [details]
cve-2013-6419-neutron-stable-grizzly.patch

Comment 4 Kurt Seifried 2013-12-06 19:27:53 UTC

Created attachment 833734 [details]
cve-2013-6419-neutron-stable-havana.patch

Comment 5 Kurt Seifried 2013-12-06 19:28:11 UTC

Created attachment 833735 [details]
cve-2013-6419-nova-master-icehouse.patch

Comment 6 Kurt Seifried 2013-12-06 19:28:41 UTC

Created attachment 833736 [details]
cve-2013-6419-nova-stable-grizzly.patch

Comment 7 Kurt Seifried 2013-12-06 19:28:58 UTC

Created attachment 833737 [details]
cve-2013-6419-nova-stable-havana.patch

Comment 8 Kurt Seifried 2013-12-06 19:31:59 UTC

Acknowledgements: 

Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Aaron Rosen of VMware as the original reporter.

Comment 13 errata-xmlrpc 2014-01-22 18:31:59 UTC

This issue has been addressed in following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0091 https://rhn.redhat.com/errata/RHSA-2014-0091.html

Comment 15 errata-xmlrpc 2014-03-04 19:04:04 UTC

This issue has been addressed in following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0231 https://rhn.redhat.com/errata/RHSA-2014-0231.html