[Openstack-security] [Bug 1337349] Re: Nova qemu hypervisor host smbios serial number is leaked to guest
    OpenStack Infra
    1337349 at bugs.launchpad.net
    Mon Aug 11 16:31:32 UTC 2014
Fix proposed to branch: master
Review: https://review.openstack.org/113311
** Changed in: nova
     Assignee: (unassigned) => Daniel Berrange (berrange)
-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1337349
Title:
  Nova qemu hypervisor host smbios serial number is leaked to guest
Status in OpenStack Compute (Nova):
  In Progress
Status in OpenStack Security Advisories:
  Won't Fix
Status in OpenStack Security Notes:
  New
Bug description:
  Erwan Velu from eNovance reported a vulnerability in OpenStack Nova.
  The hypervisor is passing the host system uuid (-smbios version) to guests, and this happens to be a critical info leak.
  The defect has been pinpointed to:
   https://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L3054
  From a simple virtual machine, this may allow numerous info leaks like:
      Allow compute hardware enumeration from guests
      Deduce service tag and get all hardware configuration
      Ability to know if two instances are on the same compute
  Dell hardware is particularly impacted as:
      - the uuid encodes the service tag
      - the service tag can be used on the support site to determine:
          - detailed hardware configuration
          - date & country where the hw was shipped
          - date & type of support contract
          - amount of servers bought during this shipment
  If there is no use case for this, we should scramble that piece of
  information.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1337349/+subscriptions
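As an added illustration (not Nova's or libvirt's code, and not part of the notification above): a small Python audit of a libvirt domain definition that reports which SMBIOS System Information entries carry the host's product UUID, what a Linux guest would read back from /sys/class/dmi/id/, and whether two guests can tell they share a host from that data. The host UUID and the domain XML are constructed samples; the `<sysinfo type='smbios'>` layout is assumed from libvirt's domain XML format, and the per-instance serial in the "safe" sample is one possible replacement, not the project's chosen fix.

```python
# Added example (not Nova's or libvirt's own code): audit a libvirt domain
# definition for host identifiers copied into the guest's SMBIOS tables.
import xml.etree.ElementTree as ET

# Constructed value standing in for /sys/class/dmi/id/product_uuid on the
# compute node. Any UUID works; the check only compares values.
HOST_PRODUCT_UUID = "8a1f3c2e-5b6d-4e7f-9a0b-1c2d3e4f5a6b"

# Constructed domain XML in the shape this bug describes: the host's UUID is
# placed in the guest's SMBIOS System Information 'serial' entry.
LEAKY_DOMAIN_XML = """\
<domain type='kvm'>
  <name>instance-0000002a</name>
  <uuid>1d9b2c64-3e5f-4a7b-8c0d-2e1f3a4b5c6d</uuid>
  <sysinfo type='smbios'>
    <system>
      <entry name='manufacturer'>OpenStack Foundation</entry>
      <entry name='product'>OpenStack Nova</entry>
      <entry name='version'>2014.1</entry>
      <entry name='serial'>8a1f3c2e-5b6d-4e7f-9a0b-1c2d3e4f5a6b</entry>
      <entry name='uuid'>1d9b2c64-3e5f-4a7b-8c0d-2e1f3a4b5c6d</entry>
    </system>
  </sysinfo>
  <os>
    <type>hvm</type>
    <smbios mode='sysinfo'/>
  </os>
</domain>
"""

# A second constructed instance on the same host with the same leaky layout.
LEAKY_DOMAIN_XML_2 = (
    LEAKY_DOMAIN_XML
    .replace("instance-0000002a", "instance-0000002b")
    .replace("1d9b2c64-3e5f-4a7b-8c0d-2e1f3a4b5c6d",
             "7e2a9b10-44c1-4d5e-8f60-0a1b2c3d4e5f")
)

# Constructed variant: a per-instance serial instead of the host UUID
# (one possible replacement, assumed here, not the project's own fix).
SAFE_DOMAIN_XML = LEAKY_DOMAIN_XML.replace(
    "<entry name='serial'>8a1f3c2e-5b6d-4e7f-9a0b-1c2d3e4f5a6b</entry>",
    "<entry name='serial'>1d9b2c64-3e5f-4a7b-8c0d-2e1f3a4b5c6d</entry>",
)

# Linux exposes SMBIOS System Information to the guest under
# /sys/class/dmi/id/; this maps libvirt entry names to those file names.
DMI_SYSFS_NAMES = {
    "manufacturer": "sys_vendor",
    "product": "product_name",
    "version": "product_version",
    "serial": "product_serial",
    "uuid": "product_uuid",
}


def smbios_system_entries(domain_xml):
    """Return {entry name: value} from <sysinfo type='smbios'><system>."""
    root = ET.fromstring(domain_xml)
    entries = {}
    for sysinfo in root.iter("sysinfo"):
        if sysinfo.get("type") != "smbios":
            continue
        for system in sysinfo.findall("system"):
            for entry in system.findall("entry"):
                name = entry.get("name")
                if name:
                    entries[name] = (entry.text or "").strip()
    return entries


def _norm(value):
    # UUIDs may differ only in case or hyphenation; compare canonically.
    return value.replace("-", "").lower()


def leaked_host_fields(domain_xml, host_uuid):
    """Names of SMBIOS system entries whose value is the host's product UUID."""
    target = _norm(host_uuid)
    return sorted(name for name, value in smbios_system_entries(domain_xml).items()
                  if _norm(value) == target)


def guest_dmi_view(domain_xml):
    """What a Linux guest would read from /sys/class/dmi/id/ for this domain."""
    entries = smbios_system_entries(domain_xml)
    return {DMI_SYSFS_NAMES[n]: v for n, v in entries.items() if n in DMI_SYSFS_NAMES}


def share_host_serial(domain_xml_a, domain_xml_b):
    """True when both guests see the same product_serial: under the leaky
    layout that tells a tenant the two instances are co-resident."""
    a = guest_dmi_view(domain_xml_a).get("product_serial")
    b = guest_dmi_view(domain_xml_b).get("product_serial")
    return a is not None and a == b


if __name__ == "__main__":
    for label, xml in (("leaky", LEAKY_DOMAIN_XML), ("safe", SAFE_DOMAIN_XML)):
        print(label, "guest sees:", guest_dmi_view(xml))
        print(label, "host uuid leaked via:", leaked_host_fields(xml, HOST_PRODUCT_UUID))
    print("co-residency detectable:", share_host_serial(LEAKY_DOMAIN_XML, LEAKY_DOMAIN_XML_2))
```

On a real compute node, replace HOST_PRODUCT_UUID with the contents of /sys/class/dmi/id/product_uuid and feed the output of `virsh dumpxml <instance>` to `leaked_host_fields`; from inside a guest, `cat /sys/class/dmi/id/product_serial` shows the same value the audit flags.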