OpenStack Security Advisory: 2014-035 CVE: CVE-2014-8750 Date: October 14, 2014 Title: Nova VMware driver may connect VNC to another tenant's console Reporter: Marcio Roberto Starke Products: Nova Versions: up to 2014.1.3 Description: Marcio Roberto Starke reported a vulnerability in the Nova VMware driver. A race condition in its VNC port allocation may cause it to connect the wrong console if instances are created concurrently. By repeatedly spawning new instances, an authenticated user may be able to gain unauthorized console access to instances belonging to other tenants. Only Nova setups using the VMware driver and the VNC proxy service are affected. Juno (development branch) fix: https://review.openstack.org/114548 Icehouse fix: https://review.openstack.org/126425 Notes: This fix was included in the 2014.2rc1 release candidate and will appear in a future 2014.1.4 stable point release. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8750 https://launchpad.net/bugs/1357372 -- Jeremy Stanley OpenStack Vulnerability Management Team -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 949 bytes Desc: Digital signature URL: <http://lists.openstack.org/pipermail/openstack-announce/attachments/20141014/b09f7f53/attachment.pgp>