yahoo-eng-team team mailing list archive

[Bug 1606500] Re: [OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185)


** Summary changed:

- Heat: template source URL allows network port scan (CVE-2016-9185)
+ [OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185)

** Changed in: ossa
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1606500

Title:
  [OSSA 2016-013] Heat: template source URL allows network port scan
  (CVE-2016-9185)

Status in heat:
  Fix Released
Status in OpenStack Dashboard (Horizon):
  Invalid
Status in OpenStack Security Advisory:
  Fix Released

Bug description:
  Launching a new Heat stack and giving the template from a URL like
  http://localhost:22

  Results in an error message like:

  ERROR: Could not retrieve template: Failed to retrieve template:
  ('Connection aborted.', BadStatusLine('SSH-2.0-OpenSSH_6.6.1\r\n',))

  This is a security issue as it allows users to scan the network for
  listening ports.

  heat CLI does not allow that:

  heat stack-create -u http://localhost:22 test
  [Errno 104] Connection reset by peer

To manage notifications about this bug go to:
https://bugs.launchpad.net/heat/+bug/1606500/+subscriptions
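The two defensive controls the report implies, shown as an added example (this is not Heat's code and not the fix shipped under OSSA 2016-013): a service that fetches user-supplied template URLs should (1) refuse URLs whose scheme, port or resolved address would turn the fetch into a probe of internal hosts, and (2) never echo the upstream connection error, since the leaked `BadStatusLine('SSH-2.0-OpenSSH_6.6.1\r\n')` banner is exactly what makes the scan useful. The function names, the allowed-port policy and the `fake_resolve` host table are assumptions constructed for the example; the resolver is injectable so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example, not Heat's own code. Policy values below are assumptions.
ALLOWED_SCHEMES = {"http", "https"}
DEFAULT_PORTS = {"http": 80, "https": 443}
ALLOWED_PORTS = {80, 443, 8080, 8443}  # assumed site policy for template servers


class TemplateURLError(ValueError):
    """Raised with a generic message that reveals nothing about the target."""


def _is_public(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_template_url(url: str, resolve=socket.getaddrinfo) -> str:
    """Return `url` unchanged if it may be fetched, else raise TemplateURLError.

    `resolve(host, port)` must return getaddrinfo-style tuples; it is a
    parameter so the check can be exercised without network access.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise TemplateURLError("template URL must use http or https")
    if not parts.hostname:
        raise TemplateURLError("template URL has no host")
    try:
        port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError:  # non-numeric or out-of-range port in the URL
        raise TemplateURLError("template URL has an invalid port")
    if port not in ALLOWED_PORTS:
        # http://localhost:22 from the report is rejected here, before any
        # connection is attempted, so no banner can come back.
        raise TemplateURLError("template URL uses a disallowed port")
    try:
        infos = resolve(parts.hostname, port)
    except (socket.gaierror, OSError):
        raise TemplateURLError("template host could not be resolved")
    addrs = [info[4][0] for info in infos]
    # Every address the name maps to must be public; one private A record is
    # enough for the fetch to reach an internal service.
    if not addrs or not all(_is_public(a) for a in addrs):
        raise TemplateURLError("template host resolves to a non-public address")
    return url


def is_acceptable(url: str, resolve=socket.getaddrinfo) -> bool:
    """Boolean wrapper around validate_template_url for callers and tests."""
    try:
        validate_template_url(url, resolve=resolve)
    except TemplateURLError:
        return False
    return True


def sanitize_fetch_error(exc: BaseException) -> str:
    """User-facing message when the fetch itself fails.

    The upstream detail (connection reset, a foreign protocol banner inside
    a BadStatusLine, a timeout) belongs in the server log, never in the API
    response, because each variant distinguishes open, closed and filtered
    ports for the caller.
    """
    return "Could not retrieve template from the given URL"


# Constructed host table standing in for DNS so the example runs offline.
_FAKE_HOSTS = {
    "localhost": "127.0.0.1",
    "intranet.example": "10.0.0.5",
    "templates.example.com": "93.184.216.34",
}


def fake_resolve(host: str, port: int):
    """getaddrinfo-shaped resolver over the constructed table above."""
    if host not in _FAKE_HOSTS:
        raise socket.gaierror(f"unknown host {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (_FAKE_HOSTS[host], port))]


if __name__ == "__main__":
    for candidate in ("http://localhost:22", "http://intranet.example/t.yaml",
                      "https://templates.example.com/t.yaml"):
        print(candidate, "->", "allowed" if is_acceptable(candidate, fake_resolve) else "rejected")
```

The port allowlist and the address check are complementary: the allowlist stops the cheap scan shown in the report without any DNS lookup, while the address check catches a public-looking name that resolves into the deployment's own network. A production version would also pin the resolved address for the actual HTTP request so a second lookup cannot return a different answer.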