OSSA-2013-030: XenAPI security groups not kept through migrate or resize

OSSA-2013-030: XenAPI security groups not kept through migrate or resize

Date:November 14, 2013
CVE:CVE-2013-4497

Affects

  • Nova: All supported versions prior to Havana

Description

Chris Behrens with Rackspace and Vangelis Tasoulas reported a set of vulnerabilities in OpenStack Nova’s XenAPI hypervisor backend. When migrating or resizing an instance, including live migration, existing security groups may not be reapplied after the operation completes. This can lead to unintentional network exposure for virtual machines. Only setups using the XenAPI backend are affected.

Credits

  • Chris Behrens from Rackspace (CVE-2013-4497)
  • Vangelis Tasoulas (CVE-2013-4497)
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.