1078002 – (CVE-2014-0134) CVE-2014-0134 openstack-nova: Nova host data leak to vm instance in rescue mode

Bug 1078002 (CVE-2014-0134) - CVE-2014-0134 openstack-nova: Nova host data leak to vm instance in rescue mode

Summary: CVE-2014-0134 openstack-nova: Nova host data leak to vm instance in rescue mode

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-0134
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1054989 (view as bug list)
Depends On:	1054990 1078005 1119631 1119632 1119633
Blocks:	1079073
TreeView+	depends on / blocked

Reported:	2014-03-19 04:48 UTC by Garth Mollett
Modified:	2023-05-12 20:52 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-07-15 07:49:05 UTC
Embargoed:

Attachments	(Terms of Use)
havana patch (22.90 KB, patch) 2014-03-19 04:55 UTC, Garth Mollett	no flags	Details \| Diff
icehouse patch (22.77 KB, patch) 2014-03-19 04:56 UTC, Garth Mollett	no flags	Details \| Diff
Show Obsolete (2) View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2014:0578	0	normal	SHIPPED_LIVE	Moderate: openstack-nova security, bug fix, and enhancement update	2014-05-30 00:27:05 UTC

Description Garth Mollett 2014-03-19 04:48:41 UTC

Stanislaw Pitucha from Hewlett Packard reported a vulnerability in the
Nova instance rescue mode. By overwriting the disk inside an instance
with a malicious image and switching the instance to rescue mode, an
authenticated user would be able to leak an arbitrary file from the
compute host to the virtual instance. Note that the host file must be
readable by the libvirt/kvm context to be exposed. Only setups using
libvirt to spawn instance, and having "use_cow_images = False" in Nova
configuration are affected.

Comment 1 Garth Mollett 2014-03-19 04:55:37 UTC

Created attachment 876204 [details]
havana patch

Comment 2 Garth Mollett 2014-03-19 04:56:36 UTC

Created attachment 876205 [details]
icehouse patch

Comment 4 Vincent Danen 2014-03-27 16:51:38 UTC

Havana fix:

https://review.openstack.org/#/c/82841/

Icehouse fix:

https://review.openstack.org/#/c/82840/

The originally supplied patches are not used; the patches have been changed slightly as can be seen by the review links above.

Comment 5 Garth Mollett 2014-03-27 23:22:13 UTC

Acknowledgements:

Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Stanislaw Pitucha from Hewlett Packard as the original reporter.

Comment 6 Garth Mollett 2014-04-15 00:35:42 UTC

*** Bug 1054989 has been marked as a duplicate of this bug. ***

Comment 7 errata-xmlrpc 2014-05-29 20:35:32 UTC

This issue has been addressed in following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0578 https://rhn.redhat.com/errata/RHSA-2014-0578.html

Comment 9 Garth Mollett 2014-07-15 07:48:06 UTC

Created openstack-nova tracking bugs for this issue:

Affects: fedora-all [bug 1119631]
Affects: epel-6 [bug 1119632]

Note You need to log in before you can comment on or make changes to this bug.