yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1125378] Re: [OSSA-2013-006] VNC proxy can be made to connect to wrong VM

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sean Dague <sean@xxxxxxxxx>
Date: Fri, 19 Sep 2014 10:55:36 -0000
Reply-to: Bug 1125378 <1125378@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** No longer affects: nova/essex

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1125378

Title:
  [OSSA-2013-006] VNC proxy can be made to connect to wrong VM

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) folsom series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  Suppose a user requests a VNC token, and then deletes the VM right
  away, as I understand, the token is still valid not having yet
  exceeded the TTL. During this time if a new VM is spawned on the host
  and kvm reuses the port to bind the vncserver, it's possible for the
  user to use the old token to get access to this new VM, which could be
  owned by someone else.

  I have seen this happening in Essex code and was wondering if this is
  still the case. The possible solutions are to flush the tokens on vm
  delete, hard reboot etc or to have a password protected VNC session.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1125378/+subscriptions