Bug 1434244 (CVE-2017-7200) - CVE-2017-7200 openstack-glance: API v1 copy_from reveals network details
Summary: CVE-2017-7200 openstack-glance: API v1 copy_from reveals network details
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-7200
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1436509 1436510 1436511 1436512
Blocks: 1432713
Reported: 2017-03-21 05:31 UTC by Summer Long
Modified: 2021-02-17 02:26 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
The copy_from feature in Image Service API v1 allows an attacker to perform masked network port scans. It is possible to create images with a URL such as 'http://localhost:22'. This could allow an attacker to enumerate internal network details while appearing masked, because the scan appears to originate from the Image Service. This is classified as a Server-Side Request Forgery (SSRF). Note: Some knowledge of the internal network might be necessary to exploit this flaw internally (apart from localhost).
Clone Of:
Environment:
Last Closed: 2017-05-08 03:45:01 UTC
Embargoed:


Description Summer Long 2017-03-21 05:31:24 UTC
The copy_from feature in Image Service API v1 allowed an attacker to perform masked network port scans. It was possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance image service.
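
The description above comes down to a service fetching a user-supplied URL with no restriction on its destination. As an added example (not part of this bug report and not Glance's code), here is a destination check a service could apply before fetching a copy_from-style source; the function names, the allowed ports and the injectable resolver are assumptions made for the illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {"http": {80}, "https": {443}}  # assumption: web ports only


def resolve(host):
    """Return every address the name resolves to (needs DNS; replaceable)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0].split("%")[0] for info in infos]


def check_copy_from(url, resolver=resolve):
    """Return (allowed, reason) for a user-supplied image source URL."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_PORTS:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "no host"
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS[parts.scheme]:
        return False, f"port {port} not allowed"
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]  # literal IP
    except ValueError:
        try:
            addrs = resolver(parts.hostname)
        except OSError:
            return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:  # one internal answer is enough to refuse
        ip = ipaddress.ip_address(addr)
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
        if not ip.is_global or ip.is_multicast:
            return False, f"{ip} is not a public address"
    return True, "ok"
```

The check is only effective if the subsequent fetch connects to the address that was validated and applies the same check to any redirect target.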

Comment 12 Summer Long 2017-05-08 02:28:02 UTC
Statement:

Because the Image Service APIv1 was deprecated in Newton and because a workaround is possible, no fix is being made available.

For impacted products and the recommended mitigation, see the Knowledge Base article for this issue:
https://access.redhat.com/security/vulnerabilities/2999581

