CVE-2014-8750
openstack-nova: Nova VMware driver may connect VNC to another tenant's console
Public Exploits: 0
Exploited in Wild: -
Descriptions
Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware driver and the VNC proxy service were affected.
Timeline
- 2014-10-13 CVE Reserved
- 2014-10-15 CVE Published
- 2024-05-27 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-285: Improper Authorization
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
References (10)
URL | Tag | Source
---|---|---
http://secunia.com/advisories/60227 | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2014/10/14/9 | Mailing List |
http://www.securityfocus.com/bid/70182 | Third Party Advisory |
https://bugs.launchpad.net/nova/+bug/1357372 | Third Party Advisory |

URL | Date | SRC
---|---|---
http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html | 2018-11-16 |
http://rhn.redhat.com/errata/RHSA-2014-1689.html | 2018-11-16 |
http://rhn.redhat.com/errata/RHSA-2014-1781.html | 2018-11-16 |
http://rhn.redhat.com/errata/RHSA-2014-1782.html | 2018-11-16 |
https://access.redhat.com/security/cve/CVE-2014-8750 | 2014-11-03 |
https://bugzilla.redhat.com/show_bug.cgi?id=1152346 | 2014-11-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Openstack | Nova | >= 2014.1 < 2014.1.4 | - | Affected
Openstack | Nova | 2014.2 | milestone1 | Affected
Openstack | Nova | 2014.2 | milestone2 | Affected
Openstack | Nova | 2014.2 | milestone3 | Affected