Russell Bryant (rbryant) reports:
Title: VNC proxy can connect to the wrong VM
Reporter: Loganathan Parthipan (HP), Rohit Karajgi (NTT Data)
Affects: All versions
Loganathan Parthipan (HP) and Rohit Karajgi (NTT Data) independently
reported a vulnerability in Nova. If a user requests a console and
then deletes the VM, it is possible that the console token could allow
connectivity to a different VM before the console token expires if the
VNC port gets reused in that time period. This issue can be worked
around by disabling VNC support.
master (grizzly): https://review.openstack.org/#/c/22086/
Created attachment 702653
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Loganathan Parthipan (HP) and Rohit Karajgi (NTT Data) as the original, independent reporters.
This issue has been addressed in the following products:
OpenStack Folsom for RHEL 6
Via RHSA-2013:0709 https://rhn.redhat.com/errata/RHSA-2013-0709.html
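The sequence described in the advisory (console requested, VM deleted, VNC port reused before the token expires), replayed against a toy token store. This is an added example, not Nova's code and not the upstream patch. The class, function names, host, port and instance ids are constructed, and the two hardening checks are assumed mitigations, not taken from this page.

```python
import secrets

TOKEN_TTL = 600  # seconds; constructed value for this example


class ConsoleAuth:
    """Toy console-token store (hypothetical model, not Nova's implementation)."""

    def __init__(self):
        self.tokens = {}

    def issue(self, instance_uuid, host, port, now):
        token = secrets.token_urlsafe(16)
        self.tokens[token] = {"instance": instance_uuid, "host": host,
                              "port": port, "expires": now + TOKEN_TTL}
        return token

    def revoke_instance(self, instance_uuid):
        # Assumed hardening 1: drop every token issued for a deleted instance.
        self.tokens = {t: i for t, i in self.tokens.items()
                       if i["instance"] != instance_uuid}

    def check_weak(self, token, now):
        # Flawed check: only expiry is tested, so the token stays valid for
        # host:port regardless of which VM currently listens there.
        info = self.tokens.get(token)
        if info and info["expires"] > now:
            return info["host"], info["port"]
        return None

    def check_bound(self, token, port_owner, now):
        # Assumed hardening 2: the port must still belong to the instance
        # the token was issued for at the moment the proxy connects.
        target = self.check_weak(token, now)
        if target and port_owner.get(target) == self.tokens[token]["instance"]:
            return target
        return None


def scenario():
    """Replay the advisory's sequence; returns (weak, bound, after_revoke)."""
    auth = ConsoleAuth()
    ports = {("compute1", 5900): "vm-a"}          # constructed sample data
    token = auth.issue("vm-a", "compute1", 5900, now=0)
    ports[("compute1", 5900)] = "vm-b"            # vm-a deleted, port reused
    weak = auth.check_weak(token, now=60)         # still resolves to the port
    bound = auth.check_bound(token, ports, now=60)
    auth.revoke_instance("vm-a")
    return weak, bound, auth.check_weak(token, now=60)
```

With the expiry-only check the stale token still resolves to `compute1:5900`, now owned by `vm-b`; either hardening check rejects it.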