Bug 1263511 (CVE-2015-5251) - CVE-2015-5251 openstack-glance allows illegal modification of image status
Summary: CVE-2015-5251 openstack-glance allows illegal modification of image status
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-5251
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1264707 1264708 1264709 1264710 1270680 1270681
Blocks: 1263515
TreeView+ depends on / blocked
 
Reported: 2015-09-16 03:23 UTC by Summer Long
Modified: 2019-09-29 13:36 UTC (History)
19 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was discovered in the OpenStack Image service (glance) where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas, and in some cases replace image contents (where they have owner access). Setups using the Image service's v1 API could allow the illegal modification of image status. Additionally, setups which also use the v2 API could allow a subsequent re-upload of image contents.
Clone Of:
Environment:
Last Closed: 2015-10-15 21:41:13 UTC


Attachments (Terms of Use)
Upstream patch-Kilo (9.05 KB, patch)
2015-09-18 01:14 UTC, Summer Long
no flags Details | Diff
Upstream patch-Juno (9.13 KB, patch)
2015-09-18 01:14 UTC, Summer Long
no flags Details | Diff
Upstream patch-Liberty (8.99 KB, patch)
2015-09-18 01:14 UTC, Summer Long
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1897 normal SHIPPED_LIVE Moderate: openstack-glance security update 2015-10-15 16:29:01 UTC

Description Summer Long 2015-09-16 03:23:51 UTC
Vulnerability in Glance. By submitting a HTTP PUT request with a 'x-image-meta-status' header, a tenant can manipulate the status of their images. A malicious tenant may exploit this flaw to reactivate disabled images, bypass storage quotas and in some cases replace image contents. Setups using the Glance v1 API allow the illegal modification of image status. Setups which also use the v2 API may allow a subsequent re-upload of image contents.

Acknowledgements:

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Hemanth Makkapati of Rackspace as the original reporter.

Comment 1 Summer Long 2015-09-18 01:14:03 UTC
Created attachment 1074617 [details]
Upstream patch-Kilo

Comment 2 Summer Long 2015-09-18 01:14:29 UTC
Created attachment 1074618 [details]
Upstream patch-Juno

Comment 3 Summer Long 2015-09-18 01:14:59 UTC
Created attachment 1074619 [details]
Upstream patch-Liberty

Comment 5 Summer Long 2015-10-12 06:44:38 UTC
Created openstack-glance tracking bugs for this issue:

Affects: fedora-all [bug 1270680]
Affects: openstack-rdo [bug 1270681]

Comment 6 errata-xmlrpc 2015-10-15 12:32:42 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 6
  OpenStack 5 for RHEL 7
  OpenStack 6 for RHEL 7
  OpenStack 7 For RHEL 7

Via RHSA-2015:1897 https://rhn.redhat.com/errata/RHSA-2015-1897.html


Note You need to log in before you can comment on or make changes to this bug.