Bug 1293648 - Critical and High Security Vulnerabilities after RHOSP 7 director install
Product: Red Hat OpenStack
Classification: Red Hat
Component: Security
Version: 7.0 (Kilo)
Hardware/OS: Unspecified
Priority: high, Severity: high
Target Release: 7.0 (Kilo)
Assigned To: Mike Burns
QA Contact: Shai Revivo
Keywords: Security, ZStream
Blocks: 1339488 1302938
Reported: 2015-12-22 09:40 EST by Jeremy
Modified: 2018-02-08 06:07 EST
Doc Type: Bug Fix
Last Closed: 2016-10-12 15:59:07 EDT
Type: Bug
Description Jeremy 2015-12-22 09:40:42 EST
This week our Security Team have been doing a Security Audit on the dSN OpenStack environment.

The first results have been quite disturbing:

Critical Risk:
-	IPMI Cipher Suite Zero Authentication Bypass. The IPMI service listening on the remote system has cipher suite zero enabled, which permits logon as an administrator without requiring a password. Once logged in, a remote attacker may perform a variety of actions, including powering off the remote system.

High Risk: 
-	SNMP community “public” in several hosts.
-	IPMI v2.0 Password Hash Disclosure. The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for valid user accounts via the HMAC from a RAKP message 2 response from a BMC.
-	VNC Server Unauthenticated Access
-	OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed and others)
-	Dropbear SSH Server Channel Concurrency Use-after-free Remote Code Execution. The remote host is running a version of Dropbear SSH before 2012.55. As such, it reportedly contains a flaw that might allow an attacker to run arbitrary code on the remote host with root privileges if they are authenticated using a public key and command restriction is enforced.

Medium Risk:
-	Vulnerabilities in SSL and TLS configuration (CRIME, BEAST, Poodle, Freak, Logjam)
-	Weak ciphers (RC4, Export ciphers)
-	TRACE method Enabled.
