CVE-2017-17051
https://notcve.org/view.php?id=CVE-2017-17051
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected. Se ha descubierto un problema en el FilterScheduler por defecto en OpenStack Nova 16.0.3. Mediante la reconstrucción repetida de una instancia con nuevas imágenes, un usuario autenticado podría consumir recursos no seguidos en un host de hipervisor, lo que conduce a una denegación de servicio (DoS). • http://www.securityfocus.com/bid/102102 https://launchpad.net/bugs/1732976 https://review.openstack.org/521662 https://review.openstack.org/523214 https://security.openstack.org/ossa/OSSA-2017-006.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-16613
https://notcve.org/view.php?id=CVE-2017-16613
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team. Se descubrió un problema en middleware.py en OpenStack Swauth hasta la versión 1.2.0 cuando se utiliza con OpenStack Swift hasta la versión 2.15.1. • http://www.securityfocus.com/bid/101926 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314 https://bugs.launchpad.net/swift/+bug/1655781 https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298 https://www.debian.org/security/2017/dsa-4044 • CWE-287: Improper Authentication •
CVE-2017-16239 – openstack-nova: Nova Filter Scheduler bypass through rebuild action
https://notcve.org/view.php?id=CVE-2017-16239
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3. En OpenStack Nova hasta la versión 14.0.9, 15.x hasta la versión 15.0.7 y 16.x hasta la versión 16.0.2, al reconstrur una instancia, un usuario autenticado podría saltarse el Filter Scheduler omitiendos los filtros impuestos (por ejemplo, ImagePropertiesFilter o IsolatedHostsFilter). Todas las configuraciones que utilizan Nova Filter Scheduler se ven afectadas. • http://www.securityfocus.com/bid/101950 https://access.redhat.com/errata/RHSA-2018:0241 https://access.redhat.com/errata/RHSA-2018:0314 https://access.redhat.com/errata/RHSA-2018:0369 https://launchpad.net/bugs/1664931 https://security.openstack.org/ossa/OSSA-2017-005.html https://www.debian.org/security/2017/dsa-4056 https://access.redhat.com/security/cve/CVE-2017-16239 https://bugzilla.redhat.com/show_bug.cgi?id=1508539 • CWE-841: Improper Enforcement of Behavioral Workflow •
CVE-2015-5695
https://notcve.org/view.php?id=CVE-2015-5695
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set. Designate 2015.1.0 a 1.0.0.0b1, tal y como viene en OpenStack Kilo no ejecuta RecordSets por dominio y Records por cuotas de RecordSet cuando procesa una transferencia de archivos de zona interna, lo que puede permitir que los atacantes remotos causen una denegación de servicio (bucle infinito) mediante una serie de registros de recursos manipulados. • http://lists.openstack.org/pipermail/openstack/2015-July/013548.html http://www.openwall.com/lists/oss-security/2015/07/28/11 http://www.openwall.com/lists/oss-security/2015/07/29/6 https://bugs.launchpad.net/designate/+bug/1471161 https://bugzilla.redhat.com/show_bug.cgi?id=1245241 https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-7549 – instack-undercloud: uses hardcoded /tmp paths
https://notcve.org/view.php?id=CVE-2017-7549
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. Se ha encontrado un error en la versión 7.2.0 de instack-undercloud tal y como viene incorporado en Red Hat OpenStack Platform Pike; la versión 6.1.0 en Red Hat OpenStack Platform Oacta y la versión 5.3.0 en Red Hat OpenStack Newton, en donde los scripts de preinstalación y políticas de seguridad emplearon archivos temporales no seguros. Un usuario local podría explotar esta vulnerabilidad para llevar a cabo un ataque de enlace simbólico que les permita sobrescribir el contenido de archivos arbitrarios. A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. • http://www.securityfocus.com/bid/100407 https://access.redhat.com/errata/RHSA-2017:2557 https://access.redhat.com/errata/RHSA-2017:2649 https://access.redhat.com/errata/RHSA-2017:2687 https://access.redhat.com/errata/RHSA-2017:2693 https://access.redhat.com/errata/RHSA-2017:2726 https://bugzilla.redhat.com/show_bug.cgi?id=1477403 https://access.redhat.com/security/cve/CVE-2017-7549 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •