yahoo-eng-team team mailing list archive
Message #29431
[Bug 1357372] Re: [oss-security] [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750)
** Changed in: nova/icehouse
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1357372
Title:
[oss-security] [OSSA 2014-035] Nova VMware driver may connect VNC to
another tenant's console (CVE-2014-8750)
Status in OpenStack Compute (Nova):
Fix Released
Status in OpenStack Compute (nova) icehouse series:
Fix Released
Status in OpenStack Security Advisories:
Fix Released
Bug description:
When spawning some instances, nova VMware driver could have a race
condition in VNC port allocation. Although the get_vnc_port function
has a lock, it does not guarantee that the whole VNC port allocation
process is locked, so another instance could receive the same port if it
requests the VNC port before nova has finished the VNC port allocation
to another VM.
If the instances with the same VNC port are allocated on the same host it
could lead to improper access to the instance console.
Reproduce the problem: Launch two or more instances at the same time. In
some cases one instance could execute the get_vnc_port and pick a port
but before this instance has finished the _set_vnc_config another
instance could execute get_vnc_port and pick the same port.
How often this occurs: unpredictable.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1357372/+subscriptions
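
The race described in the bug report, modelled as an added example that is not part of the original message and is not Nova's code. Only the names get_vnc_port and _set_vnc_config come from the report; the Host class, the port range, the barrier used to force the interleaving, and the wider lock in spawn_locked (one way to close the window, not necessarily the released fix) are assumptions.

```python
import threading

PORT_MIN, PORT_MAX = 5900, 5905  # constructed sample range

class Host:
    """Hypothetical stand-in for one host's per-VM VNC configuration."""
    def __init__(self):
        self.vnc_config = {}            # VM name -> committed VNC port
        self.lock = threading.Lock()

    def get_vnc_port(self):
        # Pick the first port not yet committed to any VM on this host.
        used = set(self.vnc_config.values())
        return next(p for p in range(PORT_MIN, PORT_MAX + 1) if p not in used)

    def _set_vnc_config(self, vm, port):
        self.vnc_config[vm] = port

def spawn_racy(host, vm, gap):
    with host.lock:                     # lock covers the lookup only
        port = host.get_vnc_port()
    gap()                               # window before the port is committed
    host._set_vnc_config(vm, port)

def spawn_locked(host, vm, gap):
    with host.lock:                     # lock covers lookup and commit
        port = host.get_vnc_port()
        gap()
        host._set_vnc_config(vm, port)

def run(spawn, vms=("vm-a", "vm-b")):
    """Spawn all VMs concurrently; return the resulting VM -> port map."""
    host = Host()
    barrier = threading.Barrier(len(vms))
    def gap():
        # Hold each thread in the window until all arrive or 0.2 s passes.
        try:
            barrier.wait(timeout=0.2)
        except threading.BrokenBarrierError:
            pass
    threads = [threading.Thread(target=spawn, args=(host, vm, gap)) for vm in vms]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return host.vnc_config

if __name__ == "__main__":
    print("racy:  ", run(spawn_racy))
    print("locked:", run(spawn_locked))
```

A post-spawn check that no two VMs on the same host share a VNC port is the corresponding detection for deployments that ran the affected code.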