Bug 855335 (CVE-2013-6419) - VUL-0: CVE-2013-6419: openstack-nova: openstack-neutron: Metadata queries from Neutron to Nova are not restricted by tenant
Status: RESOLVED FIXED
Alias: CVE-2013-6419
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2014-04-17
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:running:56888:moderate
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-13 10:44 UTC by Alexander Bergmann
Modified: 2014-09-25 15:55 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2013-12-13 10:44:17 UTC
Public via oss-security:

OpenStack Security Advisory: 2013-033
CVE: CVE-2013-6419
Date: December 11, 2013
Title: Metadata queries from Neutron to Nova are not restricted by tenant
Reporter: Aaron Rosen (VMware)
Products: Neutron, Nova
Affects: All supported releases

Description:
Aaron Rosen from VMware reported a vulnerability in the metadata
access from OpenStack Neutron to Nova. Because of a missing
authorization check on port binding, by guessing an instance_id a
tenant may retrieve another tenant's metadata resulting in
information disclosure. Only OpenStack setups running
neutron-metadata-agent are affected.

Icehouse (development branch) fix:
https://review.openstack.org/61439 (neutron)
https://review.openstack.org/61428 (nova)

Havana fix:
https://review.openstack.org/61442 (neutron)
https://review.openstack.org/61435 (nova)

Grizzly fix:
https://review.openstack.org/61443 (neutron)
https://review.openstack.org/61437 (nova)

Notes:
This fix will be included in the icehouse-2 development milestone
and in a future 2013.2.1 release.


References:
http://comments.gmane.org/gmane.comp.security.oss.general/11675
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6419
https://bugzilla.redhat.com/show_bug.cgi?id=1039148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419
https://launchpad.net/bugs/1235450
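
A simplified model of the missing tenant check described in the advisory above, added here as an illustration; it is not taken from Nova, Neutron or the linked fixes. The record layouts, function names and sample data are constructed, and it assumes the metadata proxy forwards the tenant that owns the requesting port alongside the instance_id.

```python
# Simplified model, not Nova/Neutron code. All names and records are constructed.

class Forbidden(Exception):
    """Raised when the requesting port's tenant does not own the instance."""

# Compute side: instance_id -> owning tenant and metadata.
INSTANCES = {
    "inst-a1": {"tenant_id": "tenant-a", "metadata": {"hostname": "a1", "user_data": "secret-a"}},
    "inst-b1": {"tenant_id": "tenant-b", "metadata": {"hostname": "b1", "user_data": "secret-b"}},
}

# Network side: source IP -> port. The instance_id on a port is supplied by the
# port's owner, so it must be treated as untrusted input.
PORTS = {
    "10.0.0.5": {"tenant_id": "tenant-a", "instance_id": "inst-a1"},
    "10.0.0.9": {"tenant_id": "tenant-b", "instance_id": "inst-a1"},  # names an instance tenant-b does not own
}

def proxy_headers(source_ip):
    """Values the metadata proxy forwards for a request arriving from source_ip."""
    port = PORTS[source_ip]
    return {"instance_id": port["instance_id"], "tenant_id": port["tenant_id"]}

def metadata_unchecked(headers):
    """Behaviour without the check: the lookup is keyed on instance_id alone."""
    return INSTANCES[headers["instance_id"]]["metadata"]

def metadata_checked(headers):
    """Behaviour with the check: the port's tenant must own the instance."""
    inst = INSTANCES.get(headers["instance_id"])
    # Same error for "unknown" and "not yours" so instance_ids cannot be probed.
    if inst is None or inst["tenant_id"] != headers["tenant_id"]:
        raise Forbidden("instance not found for this tenant")
    return inst["metadata"]

def cross_tenant_bindings():
    """Audit helper: ports bound to an instance owned by a different tenant."""
    return sorted(
        ip for ip, port in PORTS.items()
        if port["instance_id"] in INSTANCES
        and INSTANCES[port["instance_id"]]["tenant_id"] != port["tenant_id"]
    )

if __name__ == "__main__":
    print("mismatched bindings:", cross_tenant_bindings())
    try:
        metadata_checked(proxy_headers("10.0.0.9"))
    except Forbidden as exc:
        print("rejected:", exc)
```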
Comment 1 Swamp Workflow Management 2013-12-13 23:00:34 UTC
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2014-04-01 11:11:21 UTC
https://build.suse.de/request/show/35296 Cloud2.0 openstack-quantum
https://build.suse.de/request/show/35297 Cloud3 python-neutronclient
https://build.suse.de/request/show/35298 Cloud3 openstack-neutron
Comment 3 Swamp Workflow Management 2014-04-03 15:30:58 UTC
The SWAMPID for this issue is 56888.
This issue was rated as moderate.
Please submit fixed packages until 2014-04-17.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Marcus Meissner 2014-06-20 12:20:01 UTC
Was this released in the meantime? For Cloud 3?
Comment 5 Vincent Untz 2014-06-20 12:51:04 UTC
We have the fixes in Cloud 3. I don't see any fix released for 2.0.