[Openstack-security] [Bug 1365712] Re: Command Execution Possible Through Config File Tampering
Nathan Kinder
nkinder at redhat.com
Fri Sep 12 04:25:46 UTC 2014
This is already covered by published note OSSN-0026:
https://wiki.openstack.org/wiki/OSSN/OSSN-0026
** Changed in: ossn
Status: New => Fix Released
** Changed in: ossn
Assignee: (unassigned) => Travis McPeak (travis-mcpeak)
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1365712
Title:
Command Execution Possible Through Config File Tampering
Status in OpenStack Compute (Nova):
Won't Fix
Status in OpenStack Security Advisories:
Won't Fix
Status in OpenStack Security Notes:
Fix Released
Bug description:
The OpenStack Security Group has been reviewing OpenStack code to find potential security vulnerabilities.
One class of these vulnerabilities is to allow someone with write access to nova.conf to cause code to be executed as the OpenStack user.
Some details are here:
https://review.openstack.org/#/c/118910/
More tracking information is here:
https://bugs.launchpad.net/nova/+bug/1192971
This bug is specifically to address the possible vulnerability at
nova/nova/virt/baremetal/ipmi.py:292
If a user has write access to nova.conf, he can set
[baremetal]
terminal = /bin/foo
and cause /bin/foo to be executed.
If a user has write access to nova.conf, he case set
[baremetal]
terminal_cert_dir = "; cat /etc/passwd"
and cause the password file to be written to stdout.
Some input validation would help correct this.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1365712/+subscriptions
More information about the Openstack-security
mailing list