oss-sec mailing list archives

[OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)
From: Russell Bryant <rbryant () redhat com>
Date: Tue, 26 Feb 2013 13:34:54 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OpenStack Security Advisory: 2013-006
CVE: CVE-2013-0335
Date: February 26, 2013
Title: VNC proxy can connect to the wrong VM
Reporter: Loganathan Parthipan (HP), Rohit Karajgi (NTT Data)
Products: Nova
Affects: All versions

Description:
Loganathan Parthipan (HP) and Rohit Karajgi (NTT Data) independently
reported a vulnerability in Nova. If a user requests a console and
then deletes the VM, it is possible that the console token could allow
connectivity to a different VM before the console token expires if the
VNC port gets reused in that time period. This issue can be worked
around by disabling VNC support.

Fixes:
master (grizzly): https://review.openstack.org/#/c/22086/
stable/folsom: https://review.openstack.org/#/c/22758
stable/essex: https://review.openstack.org/#/c/22872/

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0335
https://bugs.launchpad.net/nova/+bug/1125378

- -- 
Russell Bryant
OpenStack Vulnerability Management Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlEtAE4ACgkQFg9ft4s9SAZKLwCePGfNZAYdx2mjM2hWHt26Kff6
2HAAn38YuA93O4wg7SDUtcXar1Yr0d9q
=sVp/
-----END PGP SIGNATURE-----
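
The port-reuse condition described in the advisory, modelled as an added example (not part of the advisory and not Nova's code). All class and function names, the TTL, the port and the instance ids are constructed for illustration, and the two mitigations shown are general defensive checks, not a description of what the linked patches do.

```python
TOKEN_TTL = 600  # seconds; constructed value, not taken from the advisory

class Hypervisor:
    """Toy compute host: tracks which instance currently owns each VNC port."""
    def __init__(self):
        self.port_owner = {}

    def boot(self, instance_id, port):
        self.port_owner[port] = instance_id

    def delete(self, instance_id):
        self.port_owner = {p: o for p, o in self.port_owner.items() if o != instance_id}

class ConsoleAuth:
    """Token store for the proxy; bind_instance=False models the flawed design."""
    def __init__(self, hypervisor, bind_instance):
        self.hv, self.bind_instance = hypervisor, bind_instance
        self.tokens = {}  # token -> (instance_id, port, expiry)

    def issue(self, token, instance_id, port, now):
        self.tokens[token] = (instance_id, port, now + TOKEN_TTL)

    def revoke_instance(self, instance_id):
        # Mitigation 1: drop every token of a VM when the VM is deleted.
        self.tokens = {t: v for t, v in self.tokens.items() if v[0] != instance_id}

    def connect(self, token, now):
        """Return the instance the proxy would attach to, or None if refused."""
        entry = self.tokens.get(token)
        if entry is None or now >= entry[2]:
            return None
        instance_id, port, _ = entry
        current = self.hv.port_owner.get(port)
        # Mitigation 2: re-check at connect time that the port still belongs
        # to the instance the token was issued for.
        if self.bind_instance and current != instance_id:
            return None
        return current  # flawed mode trusts the port number alone

def scenario(bind_instance, revoke_on_delete):
    """Request console for vm-a, delete vm-a, boot vm-b on the same port."""
    hv = Hypervisor()
    auth = ConsoleAuth(hv, bind_instance)
    hv.boot("vm-a", 5900)
    auth.issue("tok-1", "vm-a", 5900, now=0)
    hv.delete("vm-a")
    if revoke_on_delete:
        auth.revoke_instance("vm-a")
    hv.boot("vm-b", 5900)  # port reused while tok-1 is still unexpired
    return auth.connect("tok-1", now=60)
```

With neither check, the unexpired token for the deleted VM resolves to the new owner of the port; either check alone is enough to refuse the connection in this model.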