[Openstack-security] [Bug 1365712] Re: Command Execution Possible Through Config File Tampering

Jeremy Stanley fungi at yuggoth.org
Fri Sep 5 15:28:53 UTC 2014


Got it. We use "security" bugs (whether private or public) to track
vulnerabilities, and use normal public bugs with the "security" tag for
hardening tasks.

** Tags added: security

** Information type changed from Public Security to Public

** Changed in: ossa
       Status: Incomplete => Won't Fix

** Also affects: ossn
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1365712

Title:
  Command Execution Possible Through Config File Tampering

Status in OpenStack Compute (Nova):
  New
Status in OpenStack Security Advisories:
  Won't Fix
Status in OpenStack Security Notes:
  New

Bug description:
  The OpenStack Security Group has been reviewing OpenStack code to find potential security vulnerabilities.
  One class of these vulnerabilities is to allow someone with write access to nova.conf to cause code to be executed as the OpenStack user.

  Some details are here:
  https://review.openstack.org/#/c/118910/

  More tracking information is here:
  https://bugs.launchpad.net/nova/+bug/1192971

  This bug is specifically to address the possible vulnerability at
  nova/nova/virt/baremetal/ipmi.py:292

  If a user has write access to nova.conf, he can set
  [baremetal]
  terminal = /bin/foo

  and cause /bin/foo to be executed.

  If a user has write access to nova.conf, he can set

  [baremetal]
  terminal_cert_dir = "; cat /etc/passwd"

  and cause the password file to be written to stdout.

  Some input validation would help correct this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1365712/+subscriptions
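The input validation the bug report asks for, sketched as an added example that is not nova's code and not part of this thread: the two tampered values from the description (a `terminal` pointing at an arbitrary program, and a `terminal_cert_dir` carrying shell metacharacters) are rejected before any command is built, and the command is assembled as an argv list rather than a shell string. The allow-list path and the `--cert`/`--port` flags are assumptions for illustration.

```python
import os
import re
from pathlib import Path

# Assumed operator allow-list of console programs; a real deployment would
# populate this from packaging or policy, not hard-code it.
ALLOWED_TERMINALS = frozenset({"/usr/bin/shellinaboxd"})

# Absolute path made only of a conservative character set: no quotes,
# semicolons, whitespace or other shell metacharacters can get through.
_SAFE_PATH = re.compile(r"^/[A-Za-z0-9._/-]+$")


class ConfigValidationError(ValueError):
    """Raised when a nova.conf value would be unsafe to execute or pass on."""


def validate_terminal(value, allowed=ALLOWED_TERMINALS):
    """Accept only a normalized absolute path that is on the allow-list."""
    if not isinstance(value, str) or value != value.strip():
        raise ConfigValidationError("terminal must be a plain path")
    if not os.path.isabs(value) or os.path.normpath(value) != value:
        raise ConfigValidationError("terminal must be a normalized absolute path")
    if value not in allowed:
        raise ConfigValidationError("terminal %r is not an approved program" % value)
    return value


def validate_cert_dir(value):
    """Accept only an absolute directory path with no metacharacters or '..'."""
    if not isinstance(value, str) or not _SAFE_PATH.match(value):
        raise ConfigValidationError("terminal_cert_dir contains disallowed characters")
    if ".." in Path(value).parts:
        raise ConfigValidationError("terminal_cert_dir must not contain '..'")
    return value


def build_console_argv(terminal, cert_dir, port):
    """Build the console command as argv so no config value is shell-interpreted.

    The --cert/--port flags are hypothetical; the point is the list form.
    """
    return [validate_terminal(terminal), "--cert", validate_cert_dir(cert_dir),
            "--port", str(int(port))]


def is_accepted(terminal, cert_dir):
    """Convenience check: True only if both values pass validation."""
    try:
        build_console_argv(terminal, cert_dir, 4000)
    except ConfigValidationError:
        return False
    return True
```

Passing the list to `subprocess.Popen` without `shell=True` means a value like `"; cat /etc/passwd"` would only ever be a single literal argument, and the validators reject it before that point anyway.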