Bug 1039148 (CVE-2013-6419) - CVE-2013-6419 OpenStack Neutron and Nova: Metadata queries from Neutron to Nova are not restricted by tenant
Summary: CVE-2013-6419 OpenStack Neutron and Nova: Metadata queries from Neutron to No...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-6419
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1039154 1039161
Blocks: 1023240 1039152
TreeView+ depends on / blocked
 
Reported: 2013-12-06 19:07 UTC by Kurt Seifried
Modified: 2021-02-17 07:06 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-07-15 07:13:08 UTC


Attachments (Terms of Use)
cve-2013-6419-neutron-master-icehouse.patch (13.87 KB, patch)
2013-12-06 19:27 UTC, Kurt Seifried
no flags Details | Diff
cve-2013-6419-neutron-stable-grizzly.patch (9.21 KB, patch)
2013-12-06 19:27 UTC, Kurt Seifried
no flags Details | Diff
cve-2013-6419-neutron-stable-havana.patch (11.54 KB, patch)
2013-12-06 19:27 UTC, Kurt Seifried
no flags Details | Diff
cve-2013-6419-nova-master-icehouse.patch (10.21 KB, patch)
2013-12-06 19:28 UTC, Kurt Seifried
no flags Details | Diff
cve-2013-6419-nova-stable-grizzly.patch (5.58 KB, patch)
2013-12-06 19:28 UTC, Kurt Seifried
no flags Details | Diff
cve-2013-6419-nova-stable-havana.patch (7.61 KB, patch)
2013-12-06 19:28 UTC, Kurt Seifried
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0091 0 normal SHIPPED_LIVE Moderate: openstack-neutron security, bug fix, and enhancement update 2014-01-22 23:31:15 UTC
Red Hat Product Errata RHSA-2014:0231 0 normal SHIPPED_LIVE Moderate: openstack-nova security and bug fix update 2014-03-05 00:00:29 UTC

Description Kurt Seifried 2013-12-06 19:07:39 UTC
Jeremy Stanley of the OpenStack	Project	reports:

Aaron Rosen from VMware reported a vulnerability in the metadata
access from OpenStack Neutron to Nova. Because of a missing
authorization check on port binding, by guessing an instance_id a
tenant may retrieve another tenant's metadata resulting in
information disclosure. Only OpenStack setups running
neutron-metadata-agent are affected.

Comment 2 Kurt Seifried 2013-12-06 19:27:09 UTC
Created attachment 833732 [details]
cve-2013-6419-neutron-master-icehouse.patch

Comment 3 Kurt Seifried 2013-12-06 19:27:30 UTC
Created attachment 833733 [details]
cve-2013-6419-neutron-stable-grizzly.patch

Comment 4 Kurt Seifried 2013-12-06 19:27:53 UTC
Created attachment 833734 [details]
cve-2013-6419-neutron-stable-havana.patch

Comment 5 Kurt Seifried 2013-12-06 19:28:11 UTC
Created attachment 833735 [details]
cve-2013-6419-nova-master-icehouse.patch

Comment 6 Kurt Seifried 2013-12-06 19:28:41 UTC
Created attachment 833736 [details]
cve-2013-6419-nova-stable-grizzly.patch

Comment 7 Kurt Seifried 2013-12-06 19:28:58 UTC
Created attachment 833737 [details]
cve-2013-6419-nova-stable-havana.patch

Comment 8 Kurt Seifried 2013-12-06 19:31:59 UTC
Acknowledgements: 

Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Aaron Rosen of VMware as the original reporter.

Comment 13 errata-xmlrpc 2014-01-22 18:31:59 UTC
This issue has been addressed in following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0091 https://rhn.redhat.com/errata/RHSA-2014-0091.html

Comment 15 errata-xmlrpc 2014-03-04 19:04:04 UTC
This issue has been addressed in following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0231 https://rhn.redhat.com/errata/RHSA-2014-0231.html


Note You need to log in before you can comment on or make changes to this bug.