OSSA-2013-006: VNC proxy can connect to the wrong VM
- Date: February 26, 2013
- CVE: CVE-2013-0335
Affects
Nova: All versions
Description
Loganathan Parthipan (HP) and Rohit Karajgi (NTT Data) independently reported a vulnerability in Nova. If a user requests a console and then deletes the VM, the console token may allow connectivity to a different VM if the VNC port is reused before the token expires. This issue can be worked around by disabling VNC support.
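The port-reuse condition described above, modelled as an added example (this is not Nova's code and not the referenced patch). The class and method names, the lowest-free-port allocator, the 600-second TTL and the instance-binding check are all assumptions made for illustration.

```python
class Hypervisor:
    """Constructed stand-in for a compute host that allocates VNC ports."""
    def __init__(self):
        self.ports = {}                      # port -> instance UUID

    def boot(self, instance_uuid, first_port=5900):
        port = first_port
        while port in self.ports:            # lowest free port, so freed ports get reused
            port += 1
        self.ports[port] = instance_uuid
        return port

    def delete(self, instance_uuid):
        self.ports = {p: u for p, u in self.ports.items() if u != instance_uuid}

class ConsoleAuth:
    """Hypothetical console token store (assumed design, not Nova's consoleauth)."""
    def __init__(self, hypervisor, ttl=600):
        self.hv, self.ttl, self.tokens = hypervisor, ttl, {}

    def authorize(self, token, instance_uuid, port, now):
        self.tokens[token] = (instance_uuid, port, now + self.ttl)

    def _live(self, token, now):
        rec = self.tokens.get(token)
        return rec if rec and now < rec[2] else None

    def resolve_port_only(self, token, now):
        """Flawed: an unexpired token reaches whatever instance owns the port now."""
        rec = self._live(token, now)
        return self.hv.ports.get(rec[1]) if rec else None

    def resolve_bound(self, token, now):
        """Hardened: the port must still belong to the instance the token was issued for."""
        rec = self._live(token, now)
        if rec is None:
            return None
        return rec[0] if self.hv.ports.get(rec[1]) == rec[0] else None

def scenario():
    hv = Hypervisor()
    auth = ConsoleAuth(hv)
    port = hv.boot("vm-a")                   # constructed instance IDs
    auth.authorize("tok-a", "vm-a", port, now=0)
    hv.delete("vm-a")                        # VM deleted, token not yet expired
    hv.boot("vm-b")                          # a different VM reuses port 5900
    return (auth.resolve_port_only("tok-a", now=60),
            auth.resolve_bound("tok-a", now=60))
```

In `scenario()` the port-only lookup resolves the stale token to `vm-b`, while the bound lookup rejects it.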
Patches
https://review.openstack.org/#/c/22086 (Grizzly)
Credits
Loganathan Parthipan from HP (CVE-2013-0335)
Rohit Karajgi from NTT Data (CVE-2013-0335)