From 02cc4571eb42b6a2ed7f102a6ef6fa27004b022b Mon Sep 17 00:00:00 2001
From: Grant Murphy
Date: Fri, 7 Nov 2014 14:02:52 +1000
Subject: [PATCH] import if OSSA-2014-0[29..39]
---
OSSA-2014-029.yaml | 62 ++++++++++++++++++++++++++++++
OSSA-2014-030.yaml | 64 +++++++++++++++++++++++++++++++
OSSA-2014-031.yaml | 60 +++++++++++++++++++++++++++++
OSSA-2014-032.yaml | 62 ++++++++++++++++++++++++++++++
OSSA-2014-033.yaml | 64 +++++++++++++++++++++++++++++++
OSSA-2014-034.yaml | 58 ++++++++++++++++++++++++++++
OSSA-2014-035.yaml | 59 ++++++++++++++++++++++++++++
OSSA-2014-036.yaml | 95 ++++++++++++++++++++++++++++++++++++++++++++++
OSSA-2014-037.yaml | 59 ++++++++++++++++++++++++++++
OSSA-2014-038.yaml | 60 +++++++++++++++++++++++++++++
10 files changed, 643 insertions(+)
create mode 100644 OSSA-2014-029.yaml
create mode 100644 OSSA-2014-030.yaml
create mode 100644 OSSA-2014-031.yaml
create mode 100644 OSSA-2014-032.yaml
create mode 100644 OSSA-2014-033.yaml
create mode 100644 OSSA-2014-034.yaml
create mode 100644 OSSA-2014-035.yaml
create mode 100644 OSSA-2014-036.yaml
create mode 100644 OSSA-2014-037.yaml
create mode 100644 OSSA-2014-038.yaml
diff --git a/OSSA-2014-029.yaml b/OSSA-2014-029.yaml
new file mode 100644
index 0000000..ae6e5f8
--- /dev/null
+++ b/OSSA-2014-029.yaml
@@ -0,0 +1,62 @@
+date: 2014-09-16
+
+id: OSSA-2014-029
+
+title: 'Configuration option leak through Keystone catalog'
+
+description: 'Brant Knudson from IBM reported a vulnerability in Keystone catalog url
+ replacement. By creating a malicious endpoint a privileged user may
+ reveal configuration options resulting in sensitive information, like
+ master admin_token, being exposed through the service url. All Keystone
+ setups that allow non-admin users to create endpoints are affected.'
+
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-September/000275.html
+
+affected-products:
+
+ - product: keystone
+ version: up to 2013.2.3 and 2014.1 versions up to 2014.1.2.1
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-3621
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: important
+ assessment:
+ type: CVSS2
+ score: 3.6
+ detail: AV:N/AC:H/Au:S/C:P/I:P/A:N
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-200
+
+reporters:
+
+ - name: 'Brant Knudson'
+ affiliation: IBM
+ reported:
+ - CVE-2014-3621
+
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1354208
+
+ type: launchpad
+
+reviews:
+
+ juno:
+ - https://review.openstack.org/121889
+
+ icehouse:
+ - https://review.openstack.org/121890
+
+ havana:
+ - https://review.openstack.org/121891
+
+ type: gerrit
diff --git a/OSSA-2014-030.yaml b/OSSA-2014-030.yaml
new file mode 100644
index 0000000..93bb44f
--- /dev/null
+++ b/OSSA-2014-030.yaml
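Review bot: The `version:` value in OSSA-2014-029.yaml is free-form prose (`up to 2013.2.3 and 2014.1 versions up to 2014.1.2.1`), and the other files in this patch phrase it differently (`versions up to 1.1.1` in 030, `up to 2014.1.3, and 2014.2` in 038). A consumer therefore cannot reliably compare an installed release against the affected range. If the schema permits, I would split each range into one entry per release series with an explicit upper bound. If it does not, a leading comment such as `# version is free text copied from the advisory; not machine-comparable` would stop tooling from trying to parse it. Indentation is not recoverable in this view, so the YAML nesting itself is unchecked.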
@@ -0,0 +1,64 @@
+date: 2014-09-25
+
+id: OSSA-2014-030
+
+title: 'TLS cert verification option not honoured in paste configs'
+
+description: 'Qin Zhao from IBM reported a vulnerability in keystonemiddleware
+ (formerly shipped as python-keystoneclient). When the "insecure" option
+ is set in a paste configuration file it is effectively ignored,
+ regardless of its value. As a result certificate verification will be
+ disabled, leaving TLS connections open to MITM attacks. All versions of
+ keystonemiddleware with TLS settings configured via a paste.ini file are
+ affected by this flaw.'
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-September/000281.html
+
+affected-products:
+
+ - product: keystonemiddleware
+ version: versions up to 1.1.1
+
+ - product: python-keystoneclient
+ version: versions up to 0.10.1
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-7144
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: moderate
+ assessment:
+ type: CVSS2
+ score: 4.3
+ detail: AV:N/AC:M/Au:N/C:N/I:P/A:N
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-295
+
+reporters:
+
+ - name: 'Qin Zhao'
+ affiliation: IBM
+ reported:
+ - CVE-2014-7144
+
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1353315
+
+ type: launchpad
+
+reviews:
+
+ keystonemiddleware-1.2.0:
+ - https://review.openstack.org/113191
+
+ python-keystone-0.11.0:
+ - https://review.openstack.org/112232
+
+
+ type: gerrit
diff --git a/OSSA-2014-031.yaml b/OSSA-2014-031.yaml
new file mode 100644
index 0000000..4565f9d
--- /dev/null
+++ b/OSSA-2014-031.yaml
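Review bot: The second key under `reviews:` in OSSA-2014-030.yaml is `python-keystone-0.11.0`, which does not match the product named under `affected-products` (`python-keystoneclient`). Anyone joining fixes to products by name will miss the client-side fix for the disabled certificate verification, so the key should read `python-keystoneclient-0.11.0:`. The keys in this file are product-version strings, whereas the other files in the patch key `reviews` by release series (`juno`, `icehouse`). If that difference is intentional, it deserves a one-line comment above `reviews:`.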
@@ -0,0 +1,60 @@
+date: 2014-09-29
+
+id: OSSA-2014-031
+
+title: 'Admin-only network attributes may be reset to defaults by non-privileged users'
+
+description: 'Elena Ezhova from Mirantis reported a vulnerability in Neutron.
+ By updating a network attribute with a default value a non-privileged
+ user may reset admin-only network attributes. This may lead to unexpected
+ behavior with security implications for operators with a custom policy.json,
+ or in some extreme cases network outages resulting in denial of service.
+ All deployments using neutron networking are affected by this flaw.'
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-September/000285.html
+
+affected-products:
+
+ - product: neutron
+ version: up to 2013.2.4 and 2014.1 versions up to 2014.1.2
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-6414
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: moderate
+ assessment:
+ type: CVSS2
+ score: 4.0
+ detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-862
+
+reporters:
+
+ - name: 'Elena Ezhova'
+ affiliation: Mirantis
+ reported:
+ - CVE-2014-6414
+
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1357379
+
+ type: launchpad
+
+reviews:
+
+ juno:
+ - https://review.openstack.org/114531
+
+ icehouse:
+ - https://review.openstack.org/123849
+
+
+ type: gerrit
diff --git a/OSSA-2014-032.yaml b/OSSA-2014-032.yaml
new file mode 100644
index 0000000..b91fda0
--- /dev/null
+++ b/OSSA-2014-032.yaml
@@ -0,0 +1,62 @@
+date: 2014-10-02
+
+id: OSSA-2014-032
+
+title: 'Nova VMware driver still leaks rescued images'
+
+description: 'Garth Mollett from Red Hat reported an incomplete fix
+ to OSSA-2014-017 (CVE-2014-2573), a vulnerability affecting Nova.
+ If an authenticated user places an instance into rescue, and then
+ issues a suspend command it will cause the instance to enter an
+ ERROR state. Nova does not clean up an instance in this state
+ correctly upon deletion. An attacker can use this to launch a
+ denial of service attack. Only setups using the Nova VMware
+ driver are affected by this flaw.'
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000287.html
+
+affected-products:
+
+ - product: nova
+ version: up to 2014.1.2
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-3608
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: moderate
+ assessment:
+ type: CVSS2
+ score: 4.0
+ detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-772
+
+reporters:
+
+ - name: 'Garth Mollett'
+ affiliation: Red Hat
+ reported:
+ - CVE-2014-3608
+
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1338830
+
+ type: launchpad
+
+reviews:
+
+ juno:
+ - https://review.openstack.org/94281
+
+ icehouse:
+ - https://review.openstack.org/109624
+
+
+ type: gerrit
diff --git a/OSSA-2014-033.yaml b/OSSA-2014-033.yaml
new file mode 100644
index 0000000..cb44b2b
--- /dev/null
+++ b/OSSA-2014-033.yaml
@@ -0,0 +1,64 @@
+date: 2014-10-02
+
+id: OSSA-2014-033
+
+title: 'Cinder-volume host data leak to vm instance'
+
+description: 'Duncan Thomas from Hewlett Packard reported a vulnerability in Cinder
+ GlusterFS and Linux Smbfs drivers. By overwriting a volume from within
+ an instance with a malicious qcow2 header, an authenticated user may be
+ able to clone and attach that corrupted volume resulting in affected
+ drivers leaking an arbitrary file from the Cinder-volume host to the
+ virtual instance. Note that the host file must be readable by the Cinder
+ context to be exposed. Only Cinder setups using GlusterFS volume driver
+ configured with glusterfs_qcow2_volumes=False (which is the default) or
+ Cinder setups using Smbfs volume driver configured with
+ smbfs_default_volume_format=raw (which is not the default) are affected.'
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000288.html
+
+affected-products:
+
+ - product: cinder
+ version: up to 2014.1.2
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-3641
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: moderate
+ assessment:
+ type: CVSS2
+ score: 3.5
+ detail: AV:N/AC:M/Au:S/C:P/I:N/A:N
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-200
+
+reporters:
+
+ - name: 'Duncan Thomas'
+ affiliation: Hewlett Packard
+ reported:
+ - CVE-2014-3641
+
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1350504
+
+ type: launchpad
+
+reviews:
+
+ juno:
+ - https://review.openstack.org/125671
+
+ icehouse:
+ - https://review.openstack.org/125710
+
+
+ type: gerrit
diff --git a/OSSA-2014-034.yaml b/OSSA-2014-034.yaml
new file mode 100644
index 0000000..29f83b2
--- /dev/null
+++ b/OSSA-2014-034.yaml
@@ -0,0 +1,58 @@
+date: 2014-10-09
+
+id: OSSA-2014-034
+
+title: 'Swift metadata constraints are not correctly enforced'
+
+description: 'Rajaneesh Singh reported a vulnerability in the way Swift enforces
+ metadata constraints. By adding metadata in several separate calls, an
+ authenticated attacker can bypass the max_meta_count constraint,
+ potentially resulting in the storage of more metadata than allowed in
+ configuration.'
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000291.html
+
+affected-products:
+
+ - product: swift
+ version: up to 2.1.0
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-7960
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: moderate
+ assessment:
+ type: CVSS2
+ score: 4
+ detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-400
+
+reporters:
+
+ - name: 'Rajaneesh Singh'
+ affiliation: UNKNOWN
+ reported:
+ - CVE-2014-7960
+
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1365350
+
+ type: launchpad
+
+reviews:
+
+ juno:
+ - https://review.openstack.org/125360
+
+ icehouse:
+ - https://review.openstack.org/126645
+
+ type: gerrit
diff --git a/OSSA-2014-035.yaml b/OSSA-2014-035.yaml
new file mode 100644
index 0000000..91c1815
--- /dev/null
+++ b/OSSA-2014-035.yaml
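Review bot: In OSSA-2014-034.yaml the CVSS entry is written `score: 4`, which a YAML loader reads as an integer, while the other files with the same vector (`AV:N/AC:L/Au:S/C:N/I:N/A:P`) write `score: 4.0` and load as a float. A consumer that type-checks or formats the score will treat this record differently from its siblings, so it should be `score: 4.0`. Separately, `affiliation: UNKNOWN` here and in OSSA-2014-035.yaml is a sentinel that reads like an organisation name. Omitting the key, or adding a comment that UNKNOWN means "not stated in the advisory", would be clearer.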
@@ -0,0 +1,59 @@
+date: 2014-10-14
+
+id: OSSA-2014-035
+
+title: "Nova VMware driver may connect VNC to another tenant's console"
+
+description: 'Marcio Roberto Starke reported a vulnerability in the Nova VMware
+ driver. A race condition in its VNC port allocation may cause it to
+ connect the wrong console if instances are created concurrently. By
+ repeatedly spawning new instances, an authenticated user may be able
+ to gain unauthorized console access to instances belonging to other
+ tenants. Only Nova setups using the VMware driver and the VNC proxy
+ service are affected.'
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html
+
+affected-products:
+
+ - product: nova
+ version: up to 2014.1.3
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-8750
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: important
+ assessment:
+ type: CVSS2
+ score: 6.0
+ detail: AV:N/AC:M/Au:S/C:P/I:P/A:P
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-362
+
+reporters:
+
+ - name: 'Marcio Roberto Starke'
+ affiliation: UNKNOWN
+ reported:
+ - CVE-2014-8750
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1357372
+
+ type: launchpad
+
+reviews:
+
+ juno:
+ - https://review.openstack.org/114548
+
+ icehouse:
+ - https://review.openstack.org/126425
+
+ type: gerrit
diff --git a/OSSA-2014-036.yaml b/OSSA-2014-036.yaml
new file mode 100644
index 0000000..4465182
--- /dev/null
+++ b/OSSA-2014-036.yaml
@@ -0,0 +1,95 @@
+date: 2014-10-15
+
+id: OSSA-2014-036
+
+title: 'Potential leak of passwords into log files'
+
+description: "Amrith Kumar from Tesora reported two vulnerabilities in the
+ processutils.execute() and strutils.mask_password() functions available
+ from oslo-incubator that are copied into each project's code. An
+ attacker with read access to the services' logs may obtain passwords
+ used as a parameter of a command that has failed (CVE-2014-7230) or when
+ mask_password did not mask passwords properly (CVE-2014-7231). All
+ Cinder, Nova and Trove setups are affected."
+
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000294.html
+
+affected-products:
+
+ - product: nova
+ version: up to 2014.1.3
+
+ - product: cinder
+ version: up to 2014.1.3
+
+ - product: trove
+ version: up to 2014.1.2
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-7230
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: low
+ assessment:
+ type: CVSS2
+ score: 2.1
+ detail: AV:L/AC:L/Au:N/C:P/I:N/A:N
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-533
+
+ - cve-id: CVE-2014-7231
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: low
+ assessment:
+ type: CVSS2
+ score: 2.1
+ detail: AV:L/AC:L/Au:N/C:P/I:N/A:N
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-533
+
+
+reporters:
+
+ - name: 'Amrith Kumar'
+ affiliation: Tesora
+ reported:
+ - CVE-2014-7230
+ - CVE-2014-7231
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1377981
+ - https://launchpad.net/bugs/1343604
+ - https://launchpad.net/bugs/1345233
+
+ type: launchpad
+
+reviews:
+
+ kilo:
+ - https://review.openstack.org/116927
+ - https://review.openstack.org/126052
+ - https://review.openstack.org/116982
+ - https://review.openstack.org/126047
+ - https://review.openstack.org/121417
+
+ juno:
+ - https://review.openstack.org/126594
+ - https://review.openstack.org/126592
+
+ icehouse:
+ - https://review.openstack.org/121382
+ - https://review.openstack.org/126665
+ - https://review.openstack.org/121096
+ - https://review.openstack.org/126699
+ - https://review.openstack.org/121416
+
+ type: gerrit
diff --git a/OSSA-2014-037.yaml b/OSSA-2014-037.yaml
new file mode 100644
index 0000000..6ee872a
--- /dev/null
+++ b/OSSA-2014-037.yaml
@@ -0,0 +1,59 @@
+date: 2014-10-21
+
+id: OSSA-2014-037
+
+title: 'Nova VMware instance in resize state may leak'
+
+description: 'Zhu Zhu from IBM reported a vulnerability in Nova VMware driver. If an
+ authenticated user deletes an instance while it is in resize state, it
+ will cause the original instance to not be deleted. An attacker can use
+ this to launch a denial of service attack. All Nova VMware setups are
+ affected.'
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html
+
+affected-products:
+
+ - product: nova
+ version: up to 2014.1.3
+
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-8333
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: moderate
+ assessment:
+ type: CVSS2
+ score: 4.0
+ detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-772
+
+
+reporters:
+
+ - name: 'Zhu Zhu'
+ affiliation: IBM
+ reported:
+ - CVE-2014-8333
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1359138
+
+ type: launchpad
+
+reviews:
+
+ juno:
+ - https://review.openstack.org/118595
+
+ icehouse:
+ - https://review.openstack.org/125492
+
+ type: gerrit
diff --git a/OSSA-2014-038.yaml b/OSSA-2014-038.yaml
new file mode 100644
index 0000000..ea923cc
--- /dev/null
+++ b/OSSA-2014-038.yaml
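Review bot: OSSA-2014-036.yaml records two CVEs across three products, but its three `issues.links` and twelve `reviews` URLs are tied to neither a CVE nor a product. A reader cannot tell which patches address CVE-2014-7230 (password exposed when a command run through processutils.execute() fails) and which address CVE-2014-7231 (mask_password not masking properly), so partial remediation cannot be verified from this file. I would annotate each URL with a trailing comment such as `# CVE-2014-7230, nova`, or group them under per-CVE keys if the schema allows. The file also lists `kilo` and `juno` reviews while `affected-products` names only 2014.1.x versions. That may well be correct, but a short comment on whether 2014.2 is affected would remove the ambiguity.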
@@ -0,0 +1,60 @@
+date: 2014-10-28
+
+id: OSSA-2014-038
+
+title: 'Nova network DoS through API filtering'
+
+description: 'Mohammed Naser from Vexxhost reported a vulnerability in Nova API
+ filters. By listing active servers using an ip filter, an authenticated
+ user may overload nova-network or neutron-server process, resulting in a
+ denial of services. All Nova setups are affected.'
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html
+
+affected-products:
+
+ - product: nova
+ version: up to 2014.1.3, and 2014.2
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-3708
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: moderate
+ assessment:
+ type: CVSS2
+ score: 4.0
+ detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: CWE-400
+
+
+reporters:
+
+ - name: 'Mohammed Naser'
+ affiliation: Vexxhost
+ reported:
+ - CVE-2014-3708
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1358583
+
+ type: launchpad
+
+reviews:
+
+ kilo:
+ - https://review.openstack.org/131460
+
+ juno:
+ - https://review.openstack.org/131462
+
+ icehouse:
+ - https://review.openstack.org/131461
+
+ type: gerrit