On 02/26/13 12:34, Russell Bryant wrote:
> OpenStack Security Advisory: 2013-006
> CVE: CVE-2013-0335
> Date: February 26, 2013
> Title: VNC proxy can connect to the wrong VM
> Reporter: Loganathan Parthipan (HP), Rohit Karajgi (NTT Data)
> Products: Nova
> Affects: All versions
>
> Description:
> Loganathan Parthipan (HP) and Rohit Karajgi (NTT Data) independently
> reported a vulnerability in Nova. If a user requests a console and
> then deletes the VM, it is possible that the console token could allow
> connectivity to a different VM before the console token expires if the
> VNC port gets reused in that time period. This issue can be worked
> around by disabling VNC support.
>
> Fixes:
> master (grizzly): https://review.openstack.org/#/c/22086/
> stable/folsom: https://review.openstack.org/#/c/22758
> stable/essex: https://review.openstack.org/#/c/22872/
>
> References:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0335
> https://bugs.launchpad.net/nova/+bug/1125378
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : [email protected]
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>

Fixed in Gentoo.
https://bugs.gentoo.org/show_bug.cgi?id=459364

--
-- Matthew Thode
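
The failure mode the quoted advisory describes, as an added example that is not part of the original thread and is not Nova's code: a toy console-token store that remembers only the VNC port, beside one that re-checks the instance when the token is used. All class names, instance ids, the port and the TTL are constructed for illustration; the advisory does not say how the actual fix is implemented.

```python
import secrets

class Host:
    """Toy compute host: VNC port -> instance id. Ports are reused after delete."""
    def __init__(self):
        self.ports = {}
    def boot(self, instance, port):
        self.ports[port] = instance
    def delete(self, instance):
        self.ports = {p: i for p, i in self.ports.items() if i != instance}

class PortOnlyTokens:
    """Weak model: a valid token is proxied to whatever owns the port now."""
    def __init__(self, host, ttl=600):          # ttl in seconds (constructed value)
        self.host, self.ttl, self.tokens = host, ttl, {}
    def issue(self, instance, port, now):
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = {"instance": instance, "port": port,
                            "expires": now + self.ttl}
        return tok
    def _live(self, tok, now):
        t = self.tokens.get(tok)
        return t if t and now < t["expires"] else None
    def connect(self, tok, now):
        t = self._live(tok, now)
        return self.host.ports.get(t["port"]) if t else None

class InstanceBoundTokens(PortOnlyTokens):
    """Hardened model: the port must still belong to the token's instance."""
    def connect(self, tok, now):
        t = self._live(tok, now)
        if t is None:
            return None
        owner = self.host.ports.get(t["port"])
        return owner if owner == t["instance"] else None
    def revoke_instance(self, instance):
        """Drop every token for an instance, e.g. when it is deleted."""
        self.tokens = {k: v for k, v in self.tokens.items()
                       if v["instance"] != instance}

def scenario(store_cls):
    """Request console, delete VM, port reused by another VM, reuse token."""
    host = Host(); store = store_cls(host)
    host.boot("vm-a", 5900)
    tok = store.issue("vm-a", 5900, now=0)
    before = store.connect(tok, now=10)
    host.delete("vm-a"); host.boot("vm-b", 5900)
    return before, store.connect(tok, now=20), store.connect(tok, now=601)
```

`scenario(PortOnlyTokens)` reaches `vm-b` with a token issued for `vm-a`; `scenario(InstanceBoundTokens)` refuses the connection once the port has changed owner.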

