yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1337349] Re: Nova qemu hypervisor host smbios serial number is leaked to guest

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Fri, 05 Sep 2014 09:54:05 -0000
Reply-to: Bug 1337349 <1337349@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova
       Status: Fix Committed => Fix Released

** Changed in: nova
    Milestone: None => juno-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1337349

Title:
  Nova qemu hypervisor host smbios serial number is leaked to guest

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Security Advisories:
  Won't Fix
Status in OpenStack Security Notes:
  In Progress

Bug description:
  Erwan Velu from eNovance reported a vulnerability in OpenStack Nova.

  The hypervisor is passing host system uuid (-smbios version) to guests, and this happen to be a critical info leak.
  The defect have been pinpointed to:
   https://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L3054

  From a simple virtual machine, this may allow numerous info leak like:
      Allow compute hardware enumeration from guests
      Deduce service tag and get all hardware configuration
      Ability to know if two instances are on the same compute

  Dell hardware is particulary impacted as :
      - the uuid encodes the service tag
      - the service tag can be used on support site to determine:
      - detailled hardware configuration
      - date & country where the hw was shipped
      - date & type of support contract
      - amount of servers bought during this shipment

  If there is no use case for this, we should scrambled that piece of
  information.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1337349/+subscriptions