Russel Bryant rbryant reports on behalf of the OpenStack Project: Title: Boot from volume allows access to random volumes Reporter: Phil Day (HP) Products: Nova Affects: Essex, Folsom Description: Phil Day from HP reported a vulnerability in volume attachment in nova-volume, affecting the boot-from-volume feature. By passing a specific volume ID, an authenticated user may be able to boot from a volume he doesn't own, potentially resulting in full access to that 3rd-party volume contents. Folsom setups making use of Cinder are not affected. Proposed patches: See attached patches for the Folsom and Essex series. Unless a flaw is discovered in them, these proposed patches will be merged to Nova stable/folsom and stable/essex branches on the public disclosure date.
Created attachment 684893 [details] essex-CVE-2013-0208-1069904.patch
Created attachment 684894 [details] folsom-CVE-2013-0208-1069904.patch
Created attachment 687206 [details] essex-CVE-2013-0208-1069904-v2.patch
Created attachment 687207 [details] folsom-CVE-2013-0208-1069904-v2.patch
Updated patches have been released, the old ones are incorrect and should not be used, I have marked them as obsolete.
Acknowledgements: Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Phil Day as the original reporter.
This is now public: https://bugs.launchpad.net/nova/+bug/1069904
Are there Fedora tracking bugs for this (Fedora 17 for essex, and Fedora 18/EPEL6 for Folsom)
This issue has been addressed in following products: OpenStack Folsom for RHEL 6 Via RHSA-2013:0208 https://rhn.redhat.com/errata/RHSA-2013-0208.html