[Openstack-security] [Bug 1341954] Re: suds client subject to cache poisoning by local attacker
Thierry Carrez
thierry.carrez+lp at gmail.com
Thu Oct 16 08:58:22 UTC 2014
** Changed in: nova
Milestone: juno-rc1 => 2014.2
** Changed in: cinder
Milestone: juno-3 => 2014.2
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1341954
Title:
suds client subject to cache poisoning by local attacker
Status in Cinder:
Fix Released
Status in Cinder havana series:
Fix Released
Status in Cinder icehouse series:
Fix Released
Status in Gantt:
New
Status in OpenStack Compute (Nova):
Fix Released
Status in Oslo VMware library for OpenStack projects:
Fix Released
Status in OpenStack Security Advisories:
Won't Fix
Status in OpenStack Security Notes:
In Progress
Bug description:
The suds project appears to be largely unmaintained upstream. The default cache implementation stores pickled objects to a predictable path in /tmp. This can be used by a local attacker to redirect SOAP requests via symlinks or run a privilege escalation / code execution attack via a pickle exploit.
cinder/requirements.txt:suds>=0.4
gantt/requirements.txt:suds>=0.4
nova/requirements.txt:suds>=0.4
oslo.vmware/requirements.txt:suds>=0.4
The details are available here -
https://bugzilla.redhat.com/show_bug.cgi?id=978696
(CVE-2013-2217)
Although this is an unlikely attack vector steps should be taken to
prevent this behaviour. Potential ways to fix this are by explicitly
setting the cache location to a directory created via
tempfile.mkdtemp(), disabling cache client.set_options(cache=None), or
using a custom cache implementation that doesn't load / store pickled
objects from an insecure location.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1341954/+subscriptions
More information about the Openstack-security
mailing list