yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1125378] Re: [OSSA-2013-006] VNC proxy can be made to connect to wrong VM

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Fri, 24 May 2013 12:52:40 -0000
Reply-to: Bug 1125378 <1125378@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Summary changed:

- VNC proxy can be made to connect to wrong VM
+ [OSSA-2013-006] VNC proxy can be made to connect to wrong VM

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Fix Released

** Changed in: ossa
     Assignee: (unassigned) => Russell Bryant (russellb)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1125378

Title:
  [OSSA-2013-006] VNC proxy can be made to connect to wrong VM

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) essex series:
  Fix Committed
Status in OpenStack Compute (nova) folsom series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  Suppose a user requests a VNC token, and then deletes the VM right
  away, as I understand, the token is still valid not having yet
  exceeded the TTL. During this time if a new VM is spawned on the host
  and kvm reuses the port to bind the vncserver, it's possible for the
  user to use the old token to get access to this new VM, which could be
  owned by someone else.

  I have seen this happening in Essex code and was wondering if this is
  still the case. The possible solutions are to flush the tokens on vm
  delete, hard reboot etc or to have a password protected VNC session.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1125378/+subscriptions