[Openstack] Openstack potential security breach via ipv6

Vincent Godin vince.mlist at gmail.com
Thu Mar 3 10:48:30 UTC 2016


If you install Openstack using ipv4 but without disabling ipv6 (like almost
all distrib) a VM in any tenant is able to connect to every daemon
listening in ipv6 on the compute (ssh, libvirt and ...). This is due to the
interfaces in the linux bridge attached to the VM which have ipv6 addresses by
default and then are listening like all interfaces of the host. To do this,
you just have to configure an ipv6 address on a VM of a tenant.
To protect, you can just disable ipv6 or configure all daemons on the
compute to listen only on ipv4 addresses.
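
An audit for the condition described in the post above, as an added example that is not part of the original message or of OpenStack itself: it pairs daemons listening on the IPv6 wildcard with VM-facing interfaces that carry an IPv6 address. The interface name prefixes, the little-endian host and the sample data are assumptions constructed for illustration.

```python
import ipaddress
import struct
# Assumption: Neutron-style names for VM-facing ports and their bridges.
VM_FACING_PREFIXES = ("tap", "qbr", "qvb", "brq")
# Constructed samples (little-endian host assumed for tcp6 address words):
# sshd on [::]:22, a daemon on [::1]:631, one established connection.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A
   2: 000080FE00000000FF3E16FC563412FE:0016 000080FE00000000FF3E16FC01EFCDAB:C350 01
"""
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80             lo
fe8000000000000002163efffe000001 02 40 20 80           eth0
fe80000000000000fc163efffe123456 07 40 20 80 tap0a1b2c3d-4e
fe80000000000000a8bbccfffedd0011 08 40 20 80 brq9f8e7d6c-5b
"""

def decode_tcp6_addr(hex_addr):
    """Decode a /proc/net/tcp6 address: four 32-bit words, little-endian."""
    words = struct.unpack("<4I", bytes.fromhex(hex_addr))
    return ipaddress.IPv6Address(struct.pack(">4I", *words))

def wildcard_listeners(tcp6_text):
    """Ports of sockets in LISTEN state (0A) bound to the wildcard [::]."""
    ports = set()
    for line in tcp6_text.splitlines()[1:]:  # skip header row
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "0A":
            addr, port = fields[1].rsplit(":", 1)
            if decode_tcp6_addr(addr).is_unspecified:
                ports.add(int(port, 16))
    return sorted(ports)

def vm_facing_ipv6(if_inet6_text):
    """Map each VM-facing interface to the IPv6 addresses it carries."""
    found = {}
    for line in if_inet6_text.splitlines():
        fields = line.split()
        if len(fields) == 6 and fields[5].startswith(VM_FACING_PREFIXES):
            addr = ipaddress.IPv6Address(bytes.fromhex(fields[0]))
            found.setdefault(fields[5], []).append(str(addr))
    return found

def audit(tcp6_text, if_inet6_text):
    """Wildcard listener port -> VM-facing interfaces it is reachable on."""
    ifaces = sorted(vm_facing_ipv6(if_inet6_text))
    return {p: ifaces for p in wildcard_listeners(tcp6_text)} if ifaces else {}
```

On a compute node, pass the contents of /proc/net/tcp6 and /proc/net/if_inet6 to audit(); an empty result means no wildcard IPv6 listener is paired with an addressed VM-facing interface.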

