CVE-2013-6419 – Nova: Metadata queries from Neutron to Nova are not restricted by tenant
https://notcve.org/view.php?id=CVE-2013-6419
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron. Error de interacción en OpenStack Nova y Neutron anteriores a Havana 2013.2.1 e icehouse-1 no valida el ID de la instancia del inquilino haciendo una petición, lo cual permite a inquilinos remotos obtener metadatos sensibles falseando el ID del dispositivo ligado a un puerto, lo cual no es manejado adecuadamente por (1) api/metadata/handler.py en Nova y (2) el neutron-metadata-agent (agent/metadata/agent.py) en Neutron. • http://rhn.redhat.com/errata/RHSA-2014-0091.html http://rhn.redhat.com/errata/RHSA-2014-0231.html http://www.openwall.com/lists/oss-security/2013/12/11/8 http://www.securityfocus.com/bid/64250 https://bugs.launchpad.net/neutron/+bug/1235450 https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py https://access.redhat.com/security/cve/CVE-2013-6419 https://bugzill • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4497 – openstack-nova: XenAPI security groups not kept through migrate or resize
https://notcve.org/view.php?id=CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. El backend XenAPI en OpenStack Compute (Nova) Folsom, Grizzly, y Habana anterior a 2013.2 no se aplica correctamente los grupos de seguridad (1) al cambiar el tamaño de una imagen o (2) durante la migración en tiempo real, lo que permite a atacantes remotos evitar las restricciones previstas. • http://www.openwall.com/lists/oss-security/2013/11/03/2 http://www.openwall.com/lists/oss-security/2013/11/03/3 https://bugs.launchpad.net/nova/+bug/1073306 https://bugs.launchpad.net/nova/+bug/1202266 https://access.redhat.com/security/cve/CVE-2013-4497 https://bugzilla.redhat.com/show_bug.cgi?id=1026171 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4179 – OpenStack: Nova XML entities DoS
https://notcve.org/view.php?id=CVE-2013-4179
The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. La extensión de grupos de seguridad en OpenStack Compute (Nova) Grizzly 2013.1.3, Havana anteriores a havana-3, y anteriores, permite a atacantes remotos causar una denegación de servicio (consumo de recursos y caída) a través de un ataque XML Entity Expansion (XEE). NOTA: este problema es debido a una solución incompleta para CVE-2013-1664. • http://rhn.redhat.com/errata/RHSA-2013-1199.html http://www.ubuntu.com/usn/USN-2005-1 https://bugs.launchpad.net/ossa/+bug/1190229 https://access.redhat.com/security/cve/CVE-2013-4179 https://bugzilla.redhat.com/show_bug.cgi?id=989707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •