[Openstack] Openstack potential security breach via ipv6

Shinobu Kinjo shinobu.kj at gmail.com
Thu Mar 3 11:15:44 UTC 2016


Can you elaborate more?

Rgds,
Shinobu

On Thu, Mar 3, 2016 at 7:48 PM, Vincent Godin <vince.mlist at gmail.com> wrote:
> If you install Openstack using ipv4 but without disabling ipv6 (like almost
> all distrib) a VM in any tenant is able to connect to every daemon listening
> in ipv6 on the compute (ssh, libvirt and  ...). This is du to the interfaces
> in the linux bridge attach to the VM which have ipv6 adresses by default and
> then are listening like all interfaces of the host. To do this, you just
> have to configure an ipv6 address on a VM of a tenant.
> To protect, you can just disable ipv6 or configure all daemon on the compute
> to listen only on ipv4 adresses
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>



-- 
Email:
shinobu at linux.com
GitHub:
shinobu-x
Blog:
Life with Distributed Computational System based on OpenSource




More information about the Openstack mailing list