Bug 1078002 – CVE-2014-0134 openstack-nova: Nova host data leak to vm instance in rescue mode

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1078002 - (CVE-2014-0134) CVE-2014-0134 openstack-nova: Nova host data leak to vm instance in rescue mode

Summary:	CVE-2014-0134 openstack-nova: Nova host data leak to vm instance in rescue mode

Status:	CLOSED ERRATA

Aliases:	CVE-2014-0134

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20140325,repor...
Keywords:	Security

Duplicates:	1054989 (view as bug list)
Depends On:	1119633 1054990 1078005 1119631 1119632
Blocks:	1079073
	Show dependency tree / graph

Reported:	2014-03-19 00:48 EDT by Garth Mollett
Modified:	2016-04-26 14:31 EDT (History)
CC List:	14 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2014-07-15 03:49:05 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
havana patch (22.90 KB, patch) 2014-03-19 00:55 EDT, Garth Mollett	no flags	Details \| Diff
icehouse patch (22.77 KB, patch) 2014-03-19 00:56 EDT, Garth Mollett	no flags	Details \| Diff
Show Obsolete (2) Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2014:0578	normal	SHIPPED_LIVE	Moderate: openstack-nova security, bug fix, and enhancement update	2014-05-29 20:27:05 EDT

Groups: None (edit)

Description Garth Mollett 2014-03-19 00:48:41 EDT

Stanislaw Pitucha from Hewlett Packard reported a vulnerability in the
Nova instance rescue mode. By overwriting the disk inside an instance
with a malicious image and switching the instance to rescue mode, an
authenticated user would be able to leak an arbitrary file from the
compute host to the virtual instance. Note that the host file must be
readable by the libvirt/kvm context to be exposed. Only setups using
libvirt to spawn instance, and having "use_cow_images = False" in Nova
configuration are affected.

Comment 1 Garth Mollett 2014-03-19 00:55:37 EDT

Created attachment 876204 [details]
havana patch

Comment 2 Garth Mollett 2014-03-19 00:56:36 EDT

Created attachment 876205 [details]
icehouse patch

Comment 4 Vincent Danen 2014-03-27 12:51:38 EDT

Havana fix:

https://review.openstack.org/#/c/82841/

Icehouse fix:

https://review.openstack.org/#/c/82840/

The originally supplied patches are not used; the patches have been changed slightly as can be seen by the review links above.

Comment 5 Garth Mollett 2014-03-27 19:22:13 EDT

Acknowledgements:

Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Stanislaw Pitucha from Hewlett Packard as the original reporter.

Comment 6 Garth Mollett 2014-04-14 20:35:42 EDT

*** Bug 1054989 has been marked as a duplicate of this bug. ***

Comment 7 errata-xmlrpc 2014-05-29 16:35:32 EDT

This issue has been addressed in following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0578 https://rhn.redhat.com/errata/RHSA-2014-0578.html

Comment 9 Garth Mollett 2014-07-15 03:48:06 EDT

Created openstack-nova tracking bugs for this issue:

Affects: fedora-all [bug 1119631]
Affects: epel-6 [bug 1119632]

Note You need to log in before you can comment on or make changes to this bug.