Bug 1298295 - (CVE-2015-5295) CVE-2015-5295 openstack-heat: Vulnerability in Heat template validation leading to DoS
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware/OS: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20160119,repor...
Keywords: Security
Depends On: 1298808 1298809 1298810 1298811 1298812 1300090 1300091
Blocks: 1298296
Reported: 2016-01-13 11:49 EST by Adam Mariš
Modified: 2016-04-26 17:45 EDT

Doc Type: Bug Fix
Doc Text:
A vulnerability was discovered in the OpenStack Orchestration service (heat), where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server.
Last Closed: 2016-03-14 05:58:35 EDT


Attachments
Master/mitaka patch (3.63 KB, patch), 2016-01-13 11:57 EST, Adam Mariš
Stable/kilo patch (11.13 KB, patch), 2016-01-13 11:57 EST, Adam Mariš
Stable/liberty patch (12.32 KB, patch), 2016-01-13 11:58 EST, Adam Mariš
stable/juno patch (9.95 KB, patch), 2016-01-14 17:24 EST, Zane Bitter
stable/icehouse patch (9.75 KB, patch), 2016-01-14 17:25 EST, Zane Bitter


External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2016:0266 | normal | SHIPPED_LIVE | Moderate: openstack-heat bug fix and security advisory | 2016-02-18 16:41:02 EST
Red Hat Product Errata | RHSA-2016:0440 | normal | SHIPPED_LIVE | Moderate: openstack-heat bug fix and security advisory | 2016-03-14 09:24:23 EDT
Red Hat Product Errata | RHSA-2016:0441 | normal | SHIPPED_LIVE | Moderate: openstack-heat bug fix and security advisory | 2016-03-14 09:24:11 EDT
Red Hat Product Errata | RHSA-2016:0442 | normal | SHIPPED_LIVE | Moderate: openstack-heat security advisory | 2016-03-14 09:24:01 EDT

Description Adam Mariš 2016-01-13 11:49:00 EST
A vulnerability in Heat template validation was reported. By referencing a local file like /dev/zero, an authenticated user may trick the heat engine service into loading arbitrary local file content, resulting in a Denial of Service attack through memory exhaustion. Note that the file content is not written back to the user, though the user can determine if a file exists and if it is readable by heat-engine.

Affects versions <=2015.1.2, ==5.0.0. All Heat setups are affected.
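
An added defensive sketch, not Heat's code and not taken from the attached patches: one way a service can load a user-referenced file without the two effects described above. It accepts only regular files under an allowed directory, caps the bytes read, and raises one generic error for every failure; the function name, the allowed-directory argument and the 512 KiB cap are assumptions made for this example.

```python
import os
import stat

MAX_TEMPLATE_BYTES = 512 * 1024  # assumed cap for this example, not a Heat option
GENERIC = "template reference could not be loaded"


class TemplateLoadError(Exception):
    """Raised with the same message for every failure, so the caller cannot
    tell 'missing' from 'unreadable' from 'not permitted'."""


def load_referenced_template(path, allowed_dir, max_bytes=MAX_TEMPLATE_BYTES):
    """Return the bytes of a regular file under allowed_dir, at most max_bytes."""
    root = os.path.realpath(allowed_dir)
    real = os.path.realpath(path)  # resolves symlinks and ".." components
    if os.path.commonpath([root, real]) != root:
        raise TemplateLoadError(GENERIC)
    try:
        # O_NONBLOCK keeps open() from hanging on a FIFO.
        fd = os.open(real, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        raise TemplateLoadError(GENERIC) from None
    try:
        # Check the opened descriptor, not the path: devices such as
        # /dev/zero never reach EOF, so they must be refused before reading.
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise TemplateLoadError(GENERIC)
        data = b""
        while len(data) <= max_bytes:
            chunk = os.read(fd, 65536)
            if not chunk:
                return data
            data += chunk
        # More than max_bytes available: stop before memory grows further.
        raise TemplateLoadError(GENERIC)
    except OSError:
        raise TemplateLoadError(GENERIC) from None
    finally:
        os.close(fd)
```
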
Comment 1 Adam Mariš 2016-01-13 11:57 EST
Created attachment 1114470
Master/mitaka patch
Comment 2 Adam Mariš 2016-01-13 11:57 EST
Created attachment 1114471
Stable/kilo patch
Comment 3 Adam Mariš 2016-01-13 11:58 EST
Created attachment 1114472
Stable/liberty patch
Comment 5 Zane Bitter 2016-01-14 17:24 EST
Created attachment 1114967
stable/juno patch
Comment 6 Zane Bitter 2016-01-14 17:25 EST
Created attachment 1114968
stable/icehouse patch
Comment 9 Garth Mollett 2016-01-19 18:15:05 EST
Created openstack-heat tracking bugs for this issue:

Affects: fedora-all [bug 1300091]
Comment 10 Fedora Update System 2016-02-02 14:20:06 EST
openstack-heat-2015.1.2-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Garth Mollett 2016-02-10 20:55:03 EST
Acknowledgements:

This issue was discovered by Steven Hardy of Red Hat.
Comment 12 errata-xmlrpc 2016-02-18 11:42:34 EST
This issue has been addressed in the following products:

  OpenStack 7 For RHEL 7

Via RHSA-2016:0266 https://rhn.redhat.com/errata/RHSA-2016-0266.html
Comment 13 errata-xmlrpc 2016-03-14 05:24:35 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7

Via RHSA-2016:0442 https://rhn.redhat.com/errata/RHSA-2016-0442.html
Comment 14 errata-xmlrpc 2016-03-14 05:25:17 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7

Via RHSA-2016:0441 https://rhn.redhat.com/errata/RHSA-2016-0441.html
Comment 15 errata-xmlrpc 2016-03-14 05:26:30 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6

Via RHSA-2016:0440 https://rhn.redhat.com/errata/RHSA-2016-0440.html
