<div dir="ltr"><div><div><div>> This security breach is happening right now here and I<br>> don't know what
can I do to fix it, or what should I type<br>> on a BUG at Launchpad...<br></div>Ubuntu has made it all but impossible to file bug reports. Their circular redirects are worse than a telephone menu system that takes you down a bunch of dead-end paths. Unless you have the URL jotted down in a notebook....<br>
<br></div>Try this link to file a bug report: <a href="https://bugs.launchpad.net/ubuntu/+filebug/?no-redirect" target="_blank">https://bugs.launchpad.net/ubuntu/+filebug/?no-redirect</a>.<br><br></div>The pages asks you to select a package. But I find the package search tool is nearly broken, and often have to file them under "I Don't Know" because the package I am looking for is not a selection.<br>
<div><div><div><div class="gmail_extra"><br><b><u>> This problem is very serious</u></b>, mostly because "Tenant A"<br>> can't see its own instances, so, he is unable to use the<br>> OpenStack
anymore and, "Tenant B" isn't aware that someone<br>> else is accessing its
Instances without his permission.<br></div><div class="gmail_extra">There's a few CVE's associated with similar:<br><br> * <a href="http://insecure.org/search.html?q=openstack%20tenant">http://insecure.org/search.html?q=openstack%20tenant</a><br>
* <a href="http://insecure.org/search.html?q=openstack%20vnc">http://insecure.org/search.html?q=openstack%20vnc</a><br><br>See, for example "VNC proxy can connect to the wrong VM", <a href="http://seclists.org/oss-sec/2013/q1/456" target="_blank">http://seclists.org/oss-sec/2013/q1/456</a>. Perhaps you are seeing an unpatched bug due to a downlevel version of the software?<br>
<br></div><div class="gmail_extra">Jeff<br><br></div><div class="gmail_extra"><div class="gmail_quote">On Mon, Dec 23, 2013 at 3:57 PM, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Diego!<div><br></div><div>I did not reinstall OpenStack components or Compute Node... It was a fresh install, that I started using into production.</div>
<div><br></div><div>I already did this before, I mean, reinstall things without formatting the server but, I always remove all the remaining instances, with virt-manager, before starting it over again, but not this time.</div>
<div><br></div><div>This security breach is happening right now here and I don't know what can I do to fix it, or what should I type on a BUG at Launchpad...</div><div><br></div><div><b><u>This problem is very serious</u></b>, mostly because "Tenant A" can't see its own instances, so, he is unable to use the OpenStack anymore and, "Tenant B" isn't aware that someone else is accessing its Instances without his permission.</div>
<div><br></div><div>I'm sure that this problem is worth to take a look by someone more expert than I.</div></div></blockquote></div></div></div></div></div></div>