[OSSN-0091] BMC emulators developed in OpenStack community do not preserve passwords on VMs

Jay Faulkner jay at gr-oss.io
Mon Oct 31 21:04:34 UTC 2022


## Summary ##
When VirtualBMC or Sushy-Tools is deployed in an unsupported,
production-like configuration, it can permanently remove secret data,
including VNC passwords, from a libvirt domain. Operators impacted by this
vulnerability must reconfigure any secret data, including VNC passwords,
for the libvirt domain.

These virtual machine emulators are tools to help emulate a physical
machine's Baseboard Management Controller (BMC) to aid in development and
testing of software that would otherwise require physical machines to
perform integration testing activities. They are not intended or supported
for production or long-term use of any kind.

## Affected Services / Software ##
* Sushy-Tools, <=0.21.0
* VirtualBMC, <=2.2.2

There is no impact to any OpenStack software or services intended for
production use.

## Patches ##
* VirtualBMC: https://review.opendev.org/c/openstack/virtualbmc/+/862620
* Sushy-Tools: https://review.opendev.org/c/openstack/sushy-tools/+/862625

## Discussion ##
To perform some advanced operations on libvirt virtual machines, the
underlying XML document describing the virtual machine's domain must be
extracted, modified, and then updated. The operations that do this are
setting a boot device (VirtualBMC, Sushy-Tools), setting a boot mode
(Sushy-Tools), and setting a virtual media device (Sushy-Tools).

This issue is triggered when a VM has any kind of "secure" information
defined in the XML domain definition. If an operator deploys VirtualBMC or
Sushy-Tools to manage one of these libvirt VMs, the first time any action
is performed that requires rewriting the XML domain definition, all
secure information -- including a VNC console password, if set -- is lost
and removed from the domain definition, leaving the libvirt VM exposed to
a malicious console user.

## Recommended Actions ##
Operators who may have been impacted by this vulnerability should
immediately remove VirtualBMC and/or Sushy-Tools from their production
environment. Then validate and, if necessary, reconfigure passwords for
VNC access and any other impacted secrets.

## Notes ##
The OpenStack team will ensure documentation is updated to clearly state
these software packages are intended for development/CI use only, and are
not safe to run in production.

## Credits ##
Julia Kreger from Red Hat

## References ##
Author: Jay Faulkner, G-Research Open Source Software
This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0090
Original Storyboard bug: https://storyboard.openstack.org/#!/story/2010382
Mailing List : [Security] tag on openstack-discuss at lists.openstack.org
OpenStack Security Project : https://launchpad.net/~openstack-ossg
CVE: CVE-2022-44020
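
The round trip described in the Discussion, and the validation step from the Recommended Actions, as an added example (not code from VirtualBMC, Sushy-Tools or this advisory). libvirt leaves security-sensitive attributes such as the graphics `passwd` out of a domain XML dump unless they are explicitly requested (`virsh dumpxml --security-info`); the sample domain XML and all function names below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a domain as shown by `virsh dumpxml --security-info`.
SECURE_XML = """<domain type='kvm'>
  <name>node-0</name>
  <os><type arch='x86_64'>hvm</type><boot dev='hd'/></os>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' passwd='CONSTRUCTED-EXAMPLE'/>
  </devices>
</domain>"""

def public_view(xml_text):
    """Model a default dump, which omits the graphics passwd attribute."""
    root = ET.fromstring(xml_text)
    for g in root.iter("graphics"):
        g.attrib.pop("passwd", None)
    return ET.tostring(root, encoding="unicode")

def set_boot_device(xml_text, dev):
    """The kind of edit a BMC emulator makes: replace <boot dev=...>."""
    root = ET.fromstring(xml_text)
    os_el = root.find("os")
    for boot in os_el.findall("boot"):
        os_el.remove(boot)
    ET.SubElement(os_el, "boot", {"dev": dev})
    return ET.tostring(root, encoding="unicode")

def unprotected_graphics(xml_text):
    """Types of graphics devices that carry no password."""
    root = ET.fromstring(xml_text)
    return [g.get("type") for g in root.iter("graphics") if not g.get("passwd")]

def lost_secrets(before_xml, after_xml):
    """Graphics types that were protected before the rewrite but not after."""
    already_open = set(unprotected_graphics(before_xml))
    return [t for t in unprotected_graphics(after_xml) if t not in already_open]

if __name__ == "__main__":
    # Rewrite built from the default dump: the password never comes back.
    redefined = set_boot_device(public_view(SECURE_XML), "network")
    print("lost after unsafe rewrite:", lost_secrets(SECURE_XML, redefined))
    # Rewrite built from the security-info dump: the password survives.
    preserved = set_boot_device(SECURE_XML, "network")
    print("lost after safe rewrite:  ", lost_secrets(SECURE_XML, preserved))
```

To audit a real host, feed `unprotected_graphics` the output of `virsh dumpxml --security-info <domain>` for each domain the emulators managed.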