yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1435386] Re: Specific config setting may result in VMs being taken over through VNC

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Tom Fifield <1435386@xxxxxxxxxxxxxxxxxx>
Date: Fri, 22 May 2015 21:53:10 -0000
Reply-to: Bug 1435386 <1435386@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: openstack-manuals
    Milestone: kilo => liberty

** No longer affects: nova

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1435386

Title:
  Specific config setting may result in VMs being taken over through VNC

Status in OpenStack Manuals:
  Triaged
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  Jonathan Hogg from Chargebox reports (edited):

  On a single-machine cloud running OpenStack Icehouse and over the last
  week we have seen compromises of all of the Ubuntu 14.04 VMs running
  on the machine. Scenario shows the attacker gaining access through VNC
  (via controlled reboot to reset root password).

  QEMU instances are running with -vnc 0.0.0.0:1, which may or may not
  be the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-manuals/+bug/1435386/+subscriptions