** Changed in: ossa
Status: Incomplete => Invalid
** Information type changed from Private Security to Public
** Changed in: neutron
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1347027
Title:
Security groups attached to VMs makes it possible for hacked VM to
modify its security
Status in OpenStack Neutron (virtual network service):
Invalid
Status in OpenStack Security Advisories:
Invalid
Bug description:
The security groups are associated with the VMs, rather than the
routers. So, if a hackers manages to get a root shell on a VM, they
can change their security by modifying their iptable entries.
If the security was attached to the network, rather than the VMs, such
an exploit could be avoided.
I do not have a POC for this issue. But, according to the
documentation I have been reading about how network security has been
implemented in Open Stack, this is a potential issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1347027/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
