Bug 1078002 (CVE-2014-0134) - CVE-2014-0134 openstack-nova: Nova host data leak to vm instance in rescue mode
Summary: CVE-2014-0134 openstack-nova: Nova host data leak to vm instance in rescue mode
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-0134
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1054989 (view as bug list)
Depends On: 1054990 1078005 1119631 1119632 1119633
Blocks: 1079073
TreeView+ depends on / blocked
 
Reported: 2014-03-19 04:48 UTC by Garth Mollett
Modified: 2021-02-17 06:45 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-07-15 07:49:05 UTC


Attachments (Terms of Use)
havana patch (22.90 KB, patch)
2014-03-19 04:55 UTC, Garth Mollett
no flags Details | Diff
icehouse patch (22.77 KB, patch)
2014-03-19 04:56 UTC, Garth Mollett
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0578 0 normal SHIPPED_LIVE Moderate: openstack-nova security, bug fix, and enhancement update 2014-05-30 00:27:05 UTC

Description Garth Mollett 2014-03-19 04:48:41 UTC
Stanislaw Pitucha from Hewlett Packard reported a vulnerability in the
Nova instance rescue mode. By overwriting the disk inside an instance
with a malicious image and switching the instance to rescue mode, an
authenticated user would be able to leak an arbitrary file from the
compute host to the virtual instance. Note that the host file must be
readable by the libvirt/kvm context to be exposed. Only setups using
libvirt to spawn instance, and having "use_cow_images = False" in Nova
configuration are affected.

Comment 1 Garth Mollett 2014-03-19 04:55:37 UTC
Created attachment 876204 [details]
havana patch

Comment 2 Garth Mollett 2014-03-19 04:56:36 UTC
Created attachment 876205 [details]
icehouse patch

Comment 4 Vincent Danen 2014-03-27 16:51:38 UTC
Havana fix:

https://review.openstack.org/#/c/82841/

Icehouse fix:

https://review.openstack.org/#/c/82840/

The originally supplied patches are not used; the patches have been changed slightly as can be seen by the review links above.

Comment 5 Garth Mollett 2014-03-27 23:22:13 UTC
Acknowledgements:

Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Stanislaw Pitucha from Hewlett Packard as the original reporter.

Comment 6 Garth Mollett 2014-04-15 00:35:42 UTC
*** Bug 1054989 has been marked as a duplicate of this bug. ***

Comment 7 errata-xmlrpc 2014-05-29 20:35:32 UTC
This issue has been addressed in following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0578 https://rhn.redhat.com/errata/RHSA-2014-0578.html

Comment 9 Garth Mollett 2014-07-15 07:48:06 UTC
Created openstack-nova tracking bugs for this issue:

Affects: fedora-all [bug 1119631]
Affects: epel-6 [bug 1119632]


Note You need to log in before you can comment on or make changes to this bug.