import of OSSA-2014-0[29..39]

Grant Murphy
2014-11-07 14:02:52 +10:00
parent afc7804936
commit 02cc4571eb
10 changed files with 643 additions and 0 deletions

OSSA-2014-029.yaml Normal file

@@ -0,0 +1,62 @@
date: 2014-09-16
id: OSSA-2014-029
title: 'Configuration option leak through Keystone catalog'
description: 'Brant Knudson from IBM reported a vulnerability in Keystone catalog url
replacement. By creating a malicious endpoint a privileged user may
reveal configuration options resulting in sensitive information, like
master admin_token, being exposed through the service url. All Keystone
setups that allow non-admin users to create endpoints are affected.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-September/000275.html
affected-products:
- product: keystone
version: up to 2013.2.3 and 2014.1 versions up to 2014.1.2.1
vulnerabilities:
- cve-id: CVE-2014-3621
impact-assessment:
source: 'Red Hat Product Security'
rating: important
assessment:
type: CVSS2
score: 3.6
detail: AV:N/AC:H/Au:S/C:P/I:P/A:N
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-200
reporters:
- name: 'Brant Knudson'
affiliation: IBM
reported:
- CVE-2014-3621
issues:
links:
- https://launchpad.net/bugs/1354208
type: launchpad
reviews:
juno:
- https://review.openstack.org/121889
icehouse:
- https://review.openstack.org/121890
havana:
- https://review.openstack.org/121891
type: gerrit
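Review bot: `version: up to 2013.2.3 and 2014.1 versions up to 2014.1.2.1` packs two release series into one free-text string, so nothing consuming this file can compare a deployed version against it without parsing prose. Consider one entry per series (or a list under `version`), which would also line up with the per-series keys already used under `reviews` (juno, icehouse, havana). Separately, the description says "a privileged user" creates the malicious endpoint while its last sentence scopes the issue to setups that "allow non-admin users to create endpoints"; please check against the announcement at the `reference` URL that the wording was copied intact.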

OSSA-2014-030.yaml Normal file

@@ -0,0 +1,64 @@
date: 2014-09-25
id: OSSA-2014-030
title: 'TLS cert verification option not honoured in paste configs'
description: 'Qin Zhao from IBM reported a vulnerability in keystonemiddleware
(formerly shipped as python-keystoneclient). When the "insecure" option
is set in a paste configuration file it is effectively ignored,
regardless of its value. As a result certificate verification will be
disabled, leaving TLS connections open to MITM attacks. All versions of
keystonemiddleware with TLS settings configured via a paste.ini file are
affected by this flaw.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-September/000281.html
affected-products:
- product: keystonemiddleware
version: versions up to 1.1.1
- product: python-keystoneclient
version: versions up to 0.10.1
vulnerabilities:
- cve-id: CVE-2014-7144
impact-assessment:
source: 'Red Hat Product Security'
rating: moderate
assessment:
type: CVSS2
score: 4.3
detail: AV:N/AC:M/Au:N/C:N/I:P/A:N
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-295
reporters:
- name: 'Qin Zhao'
affiliation: IBM
reported:
- CVE-2014-7144
issues:
links:
- https://launchpad.net/bugs/1353315
type: launchpad
reviews:
keystonemiddleware-1.2.0:
- https://review.openstack.org/113191
python-keystone-0.11.0:
- https://review.openstack.org/112232
type: gerrit
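Review bot: Under `reviews`, the key `python-keystone-0.11.0` does not match the product named in `affected-products` (`python-keystoneclient`); it reads like a truncated name and should probably be `python-keystoneclient-0.11.0`. Both keys in this block are product-plus-version strings, whereas the other files in this change key `reviews` by release series (juno, icehouse, ...), so a consumer iterating over `reviews` has to handle two shapes. Either follow one convention or document the exception.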

OSSA-2014-031.yaml Normal file

@@ -0,0 +1,60 @@
date: 2014-09-29
id: OSSA-2014-031
title: 'Admin-only network attributes may be reset to defaults by non-privileged users'
description: 'Elena Ezhova from Mirantis reported a vulnerability in Neutron.
By updating a network attribute with a default value a non-privileged
user may reset admin-only network attributes. This may lead to unexpected
behavior with security implications for operators with a custom policy.json,
or in some extreme cases network outages resulting in denial of service.
All deployments using neutron networking are affected by this flaw.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-September/000285.html
affected-products:
- product: neutron
version: up to 2013.2.4 and 2014.1 versions up to 2014.1.2
vulnerabilities:
- cve-id: CVE-2014-6414
impact-assessment:
source: 'Red Hat Product Security'
rating: moderate
assessment:
type: CVSS2
score: 4.0
detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-862
reporters:
- name: 'Elena Ezhova'
affiliation: Mirantis
reported:
- CVE-2014-6414
issues:
links:
- https://launchpad.net/bugs/1357379
type: launchpad
reviews:
juno:
- https://review.openstack.org/114531
icehouse:
- https://review.openstack.org/123849
type: gerrit
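Review bot: `version` lists the 2013.2 series as affected ("up to 2013.2.4"), but `reviews` only has `juno` and `icehouse` entries, with no `havana` key as OSSA-2014-029.yaml has for its 2013.2 range. If no havana backport exists, say so explicitly (an empty list or a comment), otherwise a reader cannot tell a missing fix from a missing link. Also worth a second look: the description talks about resetting admin-only attributes, yet the vector is `C:N/I:N/A:P`; confirm this matches the upstream scoring rather than a copy from a neighbouring file.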

OSSA-2014-032.yaml Normal file

@@ -0,0 +1,62 @@
date: 2014-10-02
id: OSSA-2014-032
title: 'Nova VMware driver still leaks rescued images'
description: 'Garth Mollett from Red Hat reported an incomplete fix
to OSSA-2014-017 (CVE-2014-2573), a vulnerability affecting Nova.
If an authenticated user places an instance into rescue, and then
issues a suspend command it will cause the instance to enter an
ERROR state. Nova does not clean up an instance in this state
correctly upon deletion. An attacker can use this to launch a
denial of service attack. Only setups using the Nova VMware
driver are affected by this flaw.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000287.html
affected-products:
- product: nova
version: up to 2014.1.2
vulnerabilities:
- cve-id: CVE-2014-3608
impact-assessment:
source: 'Red Hat Product Security'
rating: moderate
assessment:
type: CVSS2
score: 4.0
detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-772
reporters:
- name: 'Garth Mollett'
affiliation: Red Hat
reported:
- CVE-2014-3608
issues:
links:
- https://launchpad.net/bugs/1338830
type: launchpad
reviews:
juno:
- https://review.openstack.org/94281
icehouse:
- https://review.openstack.org/109624
type: gerrit
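Review bot: The link to the earlier advisory exists only in the free-text description ("an incomplete fix to OSSA-2014-017 (CVE-2014-2573)"), so tooling that reads these files cannot tell that this entry supersedes or extends another one. If the schema has, or can get, a structured cross-reference field, record OSSA-2014-017 there; operators who patched for the first advisory are exactly the ones who need to be matched against this one.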

OSSA-2014-033.yaml Normal file

@@ -0,0 +1,64 @@
date: 2014-10-02
id: OSSA-2014-033
title: 'Cinder-volume host data leak to vm instance'
description: 'Duncan Thomas from Hewlett Packard reported a vulnerability in Cinder
GlusterFS and Linux Smbfs drivers. By overwriting a volume from within
an instance with a malicious qcow2 header, an authenticated user may be
able to clone and attach that corrupted volume resulting in affected
drivers leaking an arbitrary file from the Cinder-volume host to the
virtual instance. Note that the host file must be readable by the Cinder
context to be exposed. Only Cinder setups using GlusterFS volume driver
configured with glusterfs_qcow2_volumes=False (which is the default) or
Cinder setups using Smbfs volume driver configured with
smbfs_default_volume_format=raw (which is not the default) are affected.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000288.html
affected-products:
- product: cinder
version: up to 2014.1.2
vulnerabilities:
- cve-id: CVE-2014-3641
impact-assessment:
source: 'Red Hat Product Security'
rating: moderate
assessment:
type: CVSS2
score: 3.5
detail: AV:N/AC:M/Au:S/C:P/I:N/A:N
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-200
reporters:
- name: 'Duncan Thomas'
affiliation: Hewlett Packard
reported:
- CVE-2014-3641
issues:
links:
- https://launchpad.net/bugs/1350504
type: launchpad
reviews:
juno:
- https://review.openstack.org/125671
icehouse:
- https://review.openstack.org/125710
type: gerrit

OSSA-2014-034.yaml Normal file

@@ -0,0 +1,58 @@
date: 2014-10-09
id: OSSA-2014-034
title: 'Swift metadata constraints are not correctly enforced'
description: 'Rajaneesh Singh reported a vulnerability in the way Swift enforces
metadata constraints. By adding metadata in several separate calls, an
authenticated attacker can bypass the max_meta_count constraint,
potentially resulting in the storage of more metadata than allowed in
configuration.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000291.html
affected-products:
- product: swift
version: up to 2.1.0
vulnerabilities:
- cve-id: CVE-2014-7960
impact-assessment:
source: 'Red Hat Product Security'
rating: moderate
assessment:
type: CVSS2
score: 4
detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-400
reporters:
- name: 'Rajaneesh Singh'
affiliation: UNKNOWN
reported:
- CVE-2014-7960
issues:
links:
- https://launchpad.net/bugs/1365350
type: launchpad
reviews:
juno:
- https://review.openstack.org/125360
icehouse:
- https://review.openstack.org/126645
type: gerrit
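Review bot: `score: 4` is written as an integer here while the other files with the same vector (`AV:N/AC:L/Au:S/C:N/I:N/A:P`) use `score: 4.0`. A YAML loader will return an int for this file and a float for the others, which is an easy source of type or formatting bugs downstream; please write `4.0` for consistency.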

OSSA-2014-035.yaml Normal file

@@ -0,0 +1,59 @@
date: 2014-10-14
id: OSSA-2014-035
title: "Nova VMware driver may connect VNC to another tenant's console"
description: 'Marcio Roberto Starke reported a vulnerability in the Nova VMware
driver. A race condition in its VNC port allocation may cause it to
connect the wrong console if instances are created concurrently. By
repeatedly spawning new instances, an authenticated user may be able
to gain unauthorized console access to instances belonging to other
tenants. Only Nova setups using the VMware driver and the VNC proxy
service are affected.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html
affected-products:
- product: nova
version: up to 2014.1.3
vulnerabilities:
- cve-id: CVE-2014-8750
impact-assessment:
source: 'Red Hat Product Security'
rating: important
assessment:
type: CVSS2
score: 6.0
detail: AV:N/AC:M/Au:S/C:P/I:P/A:P
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-362
reporters:
- name: 'Marcio Roberto Starke'
affiliation: UNKNOWN
reported:
- CVE-2014-8750
issues:
links:
- https://launchpad.net/bugs/1357372
type: launchpad
reviews:
juno:
- https://review.openstack.org/114548
icehouse:
- https://review.openstack.org/126425
type: gerrit
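Review bot: `affiliation: UNKNOWN` under `reporters` uses a magic string as a placeholder (the same value appears in OSSA-2014-034.yaml). Anything rendering these files will print "UNKNOWN" as if it were an organisation name. Prefer omitting the key or using a YAML null (`~`) unless the schema documents `UNKNOWN` as the sentinel.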

OSSA-2014-036.yaml Normal file

@@ -0,0 +1,95 @@
date: 2014-10-15
id: OSSA-2014-036
title: 'Potential leak of passwords into log files'
description: "Amrith Kumar from Tesora reported two vulnerabilities in the
processutils.execute() and strutils.mask_password() functions available
from oslo-incubator that are copied into each project's code. An
attacker with read access to the services' logs may obtain passwords
used as a parameter of a command that has failed (CVE-2014-7230) or when
mask_password did not mask passwords properly (CVE-2014-7231). All
Cinder, Nova and Trove setups are affected."
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000294.html
affected-products:
- product: nova
version: up to 2014.1.3
- product: cinder
version: up to 2014.1.3
- product: trove
version: up to 2014.1.2
vulnerabilities:
- cve-id: CVE-2014-7230
impact-assessment:
source: 'Red Hat Product Security'
rating: low
assessment:
type: CVSS2
score: 2.1
detail: AV:L/AC:L/Au:N/C:P/I:N/A:N
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-533
- cve-id: CVE-2014-7231
impact-assessment:
source: 'Red Hat Product Security'
rating: low
assessment:
type: CVSS2
score: 2.1
detail: AV:L/AC:L/Au:N/C:P/I:N/A:N
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-533
reporters:
- name: 'Amrith Kumar'
affiliation: Tesora
reported:
- CVE-2014-7230
- CVE-2014-7231
issues:
links:
- https://launchpad.net/bugs/1377981
- https://launchpad.net/bugs/1343604
- https://launchpad.net/bugs/1345233
type: launchpad
reviews:
kilo:
- https://review.openstack.org/116927
- https://review.openstack.org/126052
- https://review.openstack.org/116982
- https://review.openstack.org/126047
- https://review.openstack.org/121417
juno:
- https://review.openstack.org/126594
- https://review.openstack.org/126592
icehouse:
- https://review.openstack.org/121382
- https://review.openstack.org/126665
- https://review.openstack.org/121096
- https://review.openstack.org/126699
- https://review.openstack.org/121416
type: gerrit
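Review bot: The `reviews` lists (five for kilo, two for juno, five for icehouse) and the three launchpad links are flat, so there is no way to tell which review fixes which of the two CVEs, or which of the three affected products (nova, cinder, trove) a given change applies to. For an advisory covering several products and two distinct flaws, an operator needs that mapping to confirm their tree has the right patch; group the links per product or per CVE, or annotate them. The description also locates the flawed functions in oslo-incubator, which is not listed under `affected-products`; a short comment on why would avoid questions later.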

OSSA-2014-037.yaml Normal file

@@ -0,0 +1,59 @@
date: 2014-10-21
id: OSSA-2014-037
title: 'Nova VMware instance in resize state may leak'
description: 'Zhu Zhu from IBM reported a vulnerability in Nova VMware driver. If an
authenticated user deletes an instance while it is in resize state, it
will cause the original instance to not be deleted. An attacker can use
this to launch a denial of service attack. All Nova VMware setups are
affected.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html
affected-products:
- product: nova
version: up to 2014.1.3
vulnerabilities:
- cve-id: CVE-2014-8333
impact-assessment:
source: 'Red Hat Product Security'
rating: moderate
assessment:
type: CVSS2
score: 4.0
detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-772
reporters:
- name: 'Zhu Zhu'
affiliation: IBM
reported:
- CVE-2014-8333
issues:
links:
- https://launchpad.net/bugs/1359138
type: launchpad
reviews:
juno:
- https://review.openstack.org/118595
icehouse:
- https://review.openstack.org/125492
type: gerrit

OSSA-2014-038.yaml Normal file

@@ -0,0 +1,60 @@
date: 2014-10-28
id: OSSA-2014-038
title: 'Nova network DoS through API filtering'
description: 'Mohammed Naser from Vexxhost reported a vulnerability in Nova API
filters. By listing active servers using an ip filter, an authenticated
user may overload nova-network or neutron-server process, resulting in a
denial of services. All Nova setups are affected.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html
affected-products:
- product: nova
version: up to 2014.1.3, and 2014.2
vulnerabilities:
- cve-id: CVE-2014-3708
impact-assessment:
source: 'Red Hat Product Security'
rating: moderate
assessment:
type: CVSS2
score: 4.0
detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
classification:
source: 'Red Hat Product Security'
type: CWE
detail: CWE-400
reporters:
- name: 'Mohammed Naser'
affiliation: Vexxhost
reported:
- CVE-2014-3708
issues:
links:
- https://launchpad.net/bugs/1358583
type: launchpad
reviews:
kilo:
- https://review.openstack.org/131460
juno:
- https://review.openstack.org/131462
icehouse:
- https://review.openstack.org/131461
type: gerrit
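Review bot: In the description, "resulting in a denial of services" looks like a typo for "denial of service"; check it against the announcement at the `reference` URL and fix it if the error was introduced during import. The `version` string `up to 2014.1.3, and 2014.2` is phrased differently from the "X and 2014.1 versions up to Y" form used in the earlier files, which makes the field even harder to parse consistently. Finally, this is the tenth and last file in the change and it is OSSA-2014-038, while the commit subject gives the range as `[29..39]`; either the subject is off by one or OSSA-2014-039.yaml is missing.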