Bug 1272297 - (CVE-2015-5303) CVE-2015-5303 python-rdomanager-oscplugin: NeutronMetadataProxySharedSecret parameter uses default value
CVE-2015-5303 python-rdomanager-oscplugin: NeutronMetadataProxySharedSecret p...
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 1269786 1295289 1295291 1295337
Blocks: 1272303
  Show dependency treegraph
Reported: 2015-10-15 22:40 EDT by Summer Long
Modified: 2016-04-26 19:15 EDT (History)
23 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was discovered that Director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networking metadata requests.
Story Points: ---
Clone Of:
Last Closed: 2016-04-07 20:23:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1516027 None None None Never

  None (edit)
Description Summer Long 2015-10-15 22:40:41 EDT
Steven Hardy reports: Currently we don't set the NeutronMetadataProxySharedSecret, (which according to the description in the neutron docs exists to prevent spoofing) - thus is remains at it's bad default value of "unset".

I assume this has the potential for security impact given that if it's predictable I guess spoofing metadata requests then becomes possible, but not being a Neutron expert I'm not sure of how serious an issue this may be.
Comment 1 Summer Long 2015-11-09 20:04:37 EST

This issue was discovered by Steven Hardy of Red Hat.
Comment 2 Summer Long 2015-12-08 22:55:41 EST
Upstream: https://bugs.launchpad.net/tripleo/+bug/1516027
Comment 3 errata-xmlrpc 2015-12-21 11:51:51 EST
This issue has been addressed in the following products:

  OpenStack 7.0 Director/Manager for RHEL 7

Via RHSA-2015:2650 https://access.redhat.com/errata/RHSA-2015:2650

Note You need to log in before you can comment on or make changes to this bug.