[Openstack-security] [Bug 1865036] Re: l3 agent metadata proxy allows access to metadata from any available network

OpenStack Infra 1865036 at bugs.launchpad.net
Tue Mar 10 03:15:13 UTC 2020 

Reviewed:  https://review.opendev.org/711102
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1c13ad05dd937b65330c389301c2f095b7bedcd3
Submitter: Zuul
Branch:    stable/rocky

commit 1c13ad05dd937b65330c389301c2f095b7bedcd3
Author: Brian Haley <bhaley at redhat.com>
Date:   Thu Feb 27 17:33:28 2020 -0500

    Remove extra header fields in proxied metadata requests
    
    If a user specifies a header in their request for metadata,
    it could override what the proxy would have inserted on their
    behalf. Make sure to remove any headers we don't want, and
    override something that might be present in the request.
    If the agent somehow gets a request with both headers it will
    silently drop it.
    
    Change-Id: Id6c103b7bcebe441c27c6049d349d84ba7fd15a6
    Closes-bug: #1865036
    (cherry picked from commit 5af046fd4e6387cdbf8bf65ea4c2039a4019b64b)


** Tags added: in-stable-rocky

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1865036

Title:
  l3 agent metadata proxy allows access to metadata from any available
  network

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Tested with Train release, by quick code check it affects also at
  least Rocky, Stein and Ussuri (current master).

  The security issue is than one can access metadata of an arbitrary other instance if the following conditions are met (let's call the "other instance" a "victim", it can be in any other project not normally available to the attacker):
  1) Victim's port fixed IP address is known.
  2) Victim's port network ID is known.
  3) Attacker can use a network with access to l3 agent metadata proxy (i.e. can use routers) and deploy instances.

  The scenario is as follows:
  1) create a self-service network including the targeted address
  2) create an instance with the same fixed IP address
  3) create a router and wire it up with that network (other connections irrelevant)
  4) boot up the instance (make sure to drop the potential route to dhcp agent metadata proxy if used)
  5) run e.g.:
  curl -H "X-Neutron-Network-ID: $VICTIM_NET_ID" 169.254.169.254/openstack/latest/meta_data.json

  Observed behaviour:
  Normally-secret information disclosure.

  Expected behaviour:
  Proxy ignores (removes) that extra header and proceeds as if nothing happened (most expected)
  OR proxy returns an error (and logs it / sends a notification about it)
  OR proxy blocks the request and calls the police as you are a bad boy :-) (least expected... but nice)

  Initial code analysis:

  1) the haproxy config is inadequate:
  https://opendev.org/openstack/neutron/src/commit/6b9765c991da8731fe39f7e7eed1ed6e2bca231a/neutron/agent/metadata/driver.py#L68
  ^ this should replace all current headers in the current trust model

  2) the reason this works with l3 agent (and so far not with dhcp agent unless there is some other general header exploit in the stack) are the following lines:
  https://opendev.org/openstack/neutron/src/commit/6b9765c991da8731fe39f7e7eed1ed6e2bca231a/neutron/agent/metadata/agent.py#L146-L152

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1865036/+subscriptions

More information about the Openstack-security mailing list