[Openstack-security] [openstack/nova] SecurityImpact review request change If5ac48c5c889034c7b0ba24d977e8f4a14137a12

Daniel P. Berrange berrange at redhat.com
Wed Aug 21 09:06:22 UTC 2013


On Tue, Aug 20, 2013 at 09:12:36PM +0000, gerrit2 at review.openstack.org wrote:
> 
> Hi, I'd like you to take a look at this patch for potential
> SecurityImpact.
> https://review.openstack.org/36078
> 
> Log:
> commit ddc65b392bceae9840b593db542c226407af0c22
> Author: Lance Bragstad <ldbragst at us.ibm.com>
> Date:   Mon Jul 1 19:49:21 2013 +0000
> 
>     Address security concerns in PowerVM Driver
>     
>     Add two methods to common.py that will help check commands
>     being sent to the remote VIOS system to prevent shell injection.
>     
>     fixes bug 1192971
>     
>     [SecurityImpact]
>     
>     Change-Id: If5ac48c5c889034c7b0ba24d977e8f4a14137a12

Was this driver present in the Grizzly release? If so, then this fix
would merit a CVE if someone can identify a way to exploit the flawed
command checking in current code.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



