[openstack-announce] [OSSA 2013-033] Metadata queries from Neutron to Nova are not restricted by tenant (CVE-2013-6419)

11 Dec 2013

      OpenStack Security Advisory: 2013-033
CVE: CVE-2013-6419
Date: December 11, 2013
Title: Metadata queries from Neutron to Nova are not restricted by tenant
Reporter: Aaron Rosen (VMware)
Products: Neutron, Nova
Affects: All supported releases

Description:
Aaron Rosen from VMware reported a vulnerability in the metadata
access from OpenStack Neutron to Nova. Because of a missing
authorization check on port binding, by guessing an instance_id a
tenant may retrieve another tenant's metadata resulting in
information disclosure. Only OpenStack setups running
neutron-metadata-agent are affected.

Icehouse (development branch) fix:
https://review.openstack.org/61439 (neutron)
https://review.openstack.org/61428 (nova)

Havana fix:
https://review.openstack.org/61442 (neutron)
https://review.openstack.org/61435 (nova)

Grizzly fix:
https://review.openstack.org/61443 (neutron)
https://review.openstack.org/61437 (nova)

Notes:
This fix will be included in the icehouse-2 development milestone
and in a future 2013.2.1 release.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6419
https://launchpad.net/bugs/1235450

-- 
Jeremy Stanley
OpenStack Vulnerability Management Team