Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1272297 - (CVE-2015-5303) CVE-2015-5303 python-rdomanager-oscplugin: NeutronMetadataProxySharedSecret parameter uses default value
CVE-2015-5303 python-rdomanager-oscplugin: NeutronMetadataProxySharedSecret p...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20151209,repor...
: Security
Depends On: 1269786 1295289 1295291 1295337
Blocks: 1272303
  Show dependency treegraph
 
Reported: 2015-10-15 22:40 EDT by Summer Long
Modified: 2018-09-23 23:31 EDT (History)
26 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was discovered that Director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networking metadata requests.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-04-07 20:23:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1516027 None None None Never
Red Hat Product Errata RHSA-2015:2650 normal SHIPPED_LIVE Moderate: Red Hat Enterprise Linux OpenStack Platform 7 director update 2015-12-21 16:44:54 EST

  None (edit)
Description Summer Long 2015-10-15 22:40:41 EDT 
Steven Hardy reports: Currently we don't set the NeutronMetadataProxySharedSecret, (which according to the description in the neutron docs exists to prevent spoofing) - thus is remains at it's bad default value of "unset".

I assume this has the potential for security impact given that if it's predictable I guess spoofing metadata requests then becomes possible, but not being a Neutron expert I'm not sure of how serious an issue this may be.
Comment 1 Summer Long 2015-11-09 20:04:37 EST 
Acknowledgements:

This issue was discovered by Steven Hardy of Red Hat.
Comment 2 Summer Long 2015-12-08 22:55:41 EST 
Upstream: https://bugs.launchpad.net/tripleo/+bug/1516027
Comment 3 errata-xmlrpc 2015-12-21 11:51:51 EST 
This issue has been addressed in the following products:

  OpenStack 7.0 Director/Manager for RHEL 7

Via RHSA-2015:2650 https://access.redhat.com/errata/RHSA-2015:2650
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.