Bug 902629 (CVE-2013-0208)

Summary: CVE-2013-0208 openstack-nova: Boot from volume allows access to random volumes
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: apevec, cvsbot-xmlrpc, jrusnack, markmc, ndipanov, pbrady, rbryant, security-response-team, ykaul
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=important,public=20130129,reported=20130121,source=distros,cvss2=6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P,openstack-1/openstack-nova=affected,openstack-2.0/openstack-nova=affected,fedora-17/openstack-nova=affected,fedora-18/openstack-nova=affected,epel-6/openstack-nova=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-04-23 08:54:59 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 903034, 903035    
Bug Blocks: 902643    
Attachments:
Description Flags
essex-CVE-2013-0208-1069904.patch
none
folsom-CVE-2013-0208-1069904.patch
none
essex-CVE-2013-0208-1069904-v2.patch
none
folsom-CVE-2013-0208-1069904-v2.patch none

Description Kurt Seifried 2013-01-22 01:17:22 EST
Russel Bryant rbryant@redhat.com reports on behalf of the OpenStack Project:

Title: Boot from volume allows access to random volumes
Reporter: Phil Day (HP)
Products: Nova
Affects: Essex, Folsom

Description:
Phil Day from HP reported a vulnerability in volume attachment in
nova-volume, affecting the boot-from-volume feature. By passing a
specific volume ID, an authenticated user may be able to boot from a
volume he doesn't own, potentially resulting in full access to that
3rd-party volume contents. Folsom setups making use of Cinder are not
affected.

Proposed patches:
See attached patches for the Folsom and Essex series. Unless a flaw is
discovered in them, these proposed patches will be merged to Nova
stable/folsom and stable/essex branches on the public disclosure date.
Comment 1 Kurt Seifried 2013-01-22 01:51:55 EST
Created attachment 684893 [details]
essex-CVE-2013-0208-1069904.patch
Comment 2 Kurt Seifried 2013-01-22 01:52:45 EST
Created attachment 684894 [details]
folsom-CVE-2013-0208-1069904.patch
Comment 7 Kurt Seifried 2013-01-25 00:10:59 EST
Created attachment 687206 [details]
essex-CVE-2013-0208-1069904-v2.patch
Comment 8 Kurt Seifried 2013-01-25 00:11:16 EST
Created attachment 687207 [details]
folsom-CVE-2013-0208-1069904-v2.patch
Comment 9 Kurt Seifried 2013-01-25 00:14:15 EST
Updated patches have been released, the old ones are incorrect and should not be used, I have marked them as obsolete.
Comment 10 Murray McAllister 2013-01-28 23:54:24 EST
Acknowledgements:

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Phil Day as the original reporter.
Comment 11 Kurt Seifried 2013-01-29 13:22:53 EST
This is now public: https://bugs.launchpad.net/nova/+bug/1069904
Comment 12 Pádraig Brady 2013-01-30 05:48:52 EST
Are there Fedora tracking bugs for this
(Fedora 17 for essex, and Fedora 18/EPEL6 for Folsom)
Comment 13 errata-xmlrpc 2013-01-30 16:07:55 EST
This issue has been addressed in following products:

  OpenStack Folsom for RHEL 6

Via RHSA-2013:0208 https://rhn.redhat.com/errata/RHSA-2013-0208.html