← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #30240

[Bug 1420457] Re: Insecurely generated session ID in vpn_ping()

  Thread PreviousDate PreviousThread Next 
** Changed in: nova
       Status: Fix Committed => Fix Released

** Changed in: nova
    Milestone: None => kilo-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1420457

Title:
  Insecurely generated session ID in vpn_ping()

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  --
  This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added as to the bug as attachments.
  --

  On this line:
  https://github.com/openstack/nova/blob/master/nova/utils.py#L163 the
  Python random.randint() function is being used to generate a 64 bit
  session ID, which according to the function is used in VPN
  negotiation.

  Session IDs which are not generated using a cryptographically suitable
  random number generation function maybe be vulnerable to session
  hijacking attacks if an adversary can predict the session ID.

  I'm not familiar enough with the code to be able to assess the impact
  of this vulnerability, but if it really is unimportant to have non-
  predictable session IDs, we should explicitly call it out via a
  comment in the code.  If this session ID should be cryptographically
  unpredictable, it should be a simple fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1420457/+subscriptions
  Thread PreviousDate PreviousThread Next