ID: CVE-2015-7713
Type: cve
Reporter: NVD
Modified: 2016-12-07T13:25:01
Description
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restrictions by leveraging an instance that was running when the change was made.
{"result": {"redhat": [{"id": "RHSA-2015:2684", "type": "redhat", "title": "(RHSA-2015:2684) Moderate: openstack-nova secuity and bug fix advisory", "description": "OpenStack Compute (nova) launches and schedules large networks of \nvirtual machines, creating a redundant and scalable cloud computing \nplatform. Compute provides the software, control panels, and APIs \nrequired to orchestrate a cloud, including running virtual machine \ninstances and controlling access through users and projects.\n\nA vulnerability was discovered in the way OpenStack Compute (nova)\nnetworking handled security group updates; changes were not applied to\nalready running VM instances. A remote attacker could use this flaw to\naccess running VM instances. (CVE-2015-7713)\n\nAdditional bug fixes include:\n\n* In some cases, Compute did not start instances when RHEL was \ninstalled with a locale other than en_US. The update ensures that \nlogging an exception no longer causes Unicode issues. (BZ#1190837)\n\nAll openstack-nova users are advised to upgrade to these updated \npackages, which correct these issues and add these enhancements.", "published": "2015-12-21T23:32:35", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2684", "cvelist": ["CVE-2015-7713"], "lastseen": "2018-03-19T21:56:19"}, {"id": "RHSA-2015:2673", "type": "redhat", "title": "(RHSA-2015:2673) Moderate: openstack-nova security and bug fix advisory", "description": "OpenStack Compute (nova) launches and schedules large networks of virtual\nmachines, creating a redundant and scalable cloud computing platform.\nCompute provides the software, control panels, and APIs required to\norchestrate a cloud, including running virtual machine instances and\ncontrolling access through users and projects.\n\nA vulnerability was discovered in the way OpenStack Compute (nova)\nnetworking handled security group updates; changes were not applied 
to\nalready running VM instances. A remote attacker could use this flaw to\naccess running VM instances. (CVE-2015-7713)\n\nAdditional updates include:\n\n* The openstack-nova packages have been upgraded to upstream version \n2015.1.2. See https://launchpad.net/nova/kilo/2015.1.2 for a complete list\nof bug fixes and enhancements. (BZ#1274875)\n\n* When using huge pages, the back-end memory for a guest was configured as\nprivate. This disallowed an external process connected to a vhostuser VIF\ntype to access the QEMU guest's memory, which is required by the QEMU\nnetwork driver functionality. The memory mappings are now marked as\nshared, and the external process to provide QEMU network is able to access\nthe guest's memory. (BZ#1215790)\n\n* The termination of a WSGI application or an RPC server immediately\nstopped the service and interrupted requests that were in progress. This\nupdate adds a graceful handler for the SIGTERM signal sent to the parent\nWSGI process, so the termination is performed gracefully, which allows\nongoing processes to continue. (BZ#1250269)\n\n* Previously, novaclient records requested time even when timing was set \nto False. As a consequence, system memory kept increasing. With this\nupdate, when timing is set to True, the time of each request is recorded \nand the timings are reset to clear the memory, which no longer\nincreases. (BZ#1260868)\n\n* An earlier update changed the return value when no host devices were\nfound when connecting to an iSCSI or iSER volume. Consequently, when no\nhost devices were found, an exception was thrown and the connect volume\nattempt failed. This update adds an additional check to ensure\nos.path.exists(None) is never called. As a result, an exception is no\nlonger thrown and the connect logic correctly retries finding present\nhost devices. (BZ#1268051)\n\n* Compute's rootwrap filters restricted an `ln` command used by the volume\nencryption providers to a specific iSCSI related target path. 
Consequently,\niSER, NFS, and FC volumes encountered failures because the `ln` command was\nrejected by Compute's rootwrap filters. This update makes Nova's rootwrap\nfilters more generic when calling `ln` allowing the volume encryption\nproviders to succeed. (BZ#1273466)\n\n* FCoE devices have different sysfs paths to standard FC devices.\nConsequently, Nova failed when attempting to attach an FCoE based volume\nto an instance as it assumed these paths were the same. This update ensures\nthat the required PCI information is parsed from both FC and FCoE sysfs\ndevice paths. As a result, Nova now succeeds in attaching FCoE based\nvolumes to instances. (BZ#1274054)\n\n* Nova failed to parse the output from the `multipath -l ${device}` command\nwhen errors were present. Consequently, the attaching and detaching of\nvolumes could fail. This update corrects the find_multipath_device method\nto ensure that any errors present in the output from the aforementioned\ncommand are ignored. As a result, both the attaching and detaching of\nvolumes will now succeed even if errors occur. (BZ#1275937)\n\n* Volumes were not correctly detached if an error was encountered during\nthe attach process, and could be left attached to an instance, resulting\nin data loss. This update ensures that the volume is both detached\nand the connection to the volume closed in the event of a failure during\nthe attach process. (BZ#1276011)\n\n* The ability of the libvirt driver to set the admin password has been \nadded. 
To use this feature, run the following command: \n nova root-password [server]\n(BZ#1261100)", "published": "2015-12-21T21:34:22", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2673", "cvelist": ["CVE-2015-7713"], "lastseen": "2018-03-20T08:32:33"}, {"id": "RHSA-2016:0013", "type": "redhat", "title": "(RHSA-2016:0013) Moderate: openstack-nova security and bug fix advisory", "description": "OpenStack Compute (nova) launches and schedules large networks of \nvirtual machines, creating a redundant and scalable cloud computing \nplatform. Compute provides the software, control panels, and APIs \nrequired to orchestrate a cloud, including running virtual machine \ninstances and controlling access through users and projects.\n\nA vulnerability was discovered in the way OpenStack Compute (nova)\nnetworking handled security group updates; changes were not applied to\nalready running VM instances. A remote attacker could use this flaw to\naccess running VM instances. (CVE-2015-7713)\n\nAdditional bug fixes include:\n\n* Suspending an instance with a pre-created port that uses\n binding:vnic_type='direct' previously failed; this has been fixed\n with an update to the API.(BZ#1196054)\n\n* When using multipath-backed volumes using Object Storage (cinder), \n attach attempts failed without error. The handling of device \n identifiers has been updated and volumes can now be attached. \n (BZ#1206699)\n\n* Previously, OpenStack Compute did not conform to PEP8 conventions;\n this has been fixed. (BZ#1278411)\n\n* With a faulty lun in a multipath device, Compute tried to use the \n wrong device. Compute now uses the correct device, and instances\n can boot normally. (BZ#1280359)\n\n* When using a FCoE adapter instead of a FC adapter, volumes \n previously failed to attach to the VM. This issue has been fixed. 
\n (BZ#1284033) \n\nAll openstack-nova users are advised to upgrade to these updated \npackages, which correct these issues and add these enhancements.", "published": "2016-01-08T01:40:48", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0013", "cvelist": ["CVE-2015-7713"], "lastseen": "2018-03-19T21:56:21"}, {"id": "RHSA-2016:0017", "type": "redhat", "title": "(RHSA-2016:0017) Important: openstack-nova security advisory", "description": "OpenStack Compute (nova) launches and schedules large networks of virtual\nmachines, creating a redundant and scalable cloud computing platform.\nCompute provides the software, control panels, and APIs required to\norchestrate a cloud, including running virtual machine instances and\ncontrolling access through users and projects.\n\nA flaw was discovered in the OpenStack Compute (nova) snapshot feature when\nusing the libvirt driver. A compute user could overwrite an attached\ninstance disk with a malicious header specifying a backing file, and then\nrequest a snapshot, causing a file from the compute host to be leaked. This\nflaw only affects LVM or Ceph setups, or setups using filesystem storage\nwith \"use_cow_images = False\". (CVE-2015-7548)\n\nA vulnerability was discovered in the way OpenStack Compute (nova)\nnetworking handled security group updates; changes were not applied to\nalready running VM instances. A remote attacker could use this flaw to\naccess running VM instances. 
(CVE-2015-7713)\n\nThe CVE-2015-7548 issue was discovered by Matthew Booth of Red Hat\nOpenStack Engineering.\n\nAll openstack-nova users are advised to upgrade to these updated packages,\nwhich correct these issues.", "published": "2016-01-11T04:07:38", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0017", "cvelist": ["CVE-2015-7548", "CVE-2015-7713"], "lastseen": "2017-03-10T07:18:34"}], "ubuntu": [{"id": "USN-3449-1", "type": "ubuntu", "title": "OpenStack Nova vulnerabilities", "description": "George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241)\n\nGeorge Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. (CVE-2015-3280)\n\nIt was discovered that OpenStack Nova incorrectly limited qemu-img calls. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-5162)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled snapshots. A remote authenticated user could use this issue to read arbitrary files. (CVE-2015-7548)\n\nSreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied security group changes. A remote attacker could possibly use this issue to bypass intended restriction changes by leveraging an instance that was running when the change was made. (CVE-2015-7713)\n\nMatt Riedemann discovered that OpenStack Nova incorrectly handled logging. A local attacker could possibly use this issue to obtain sensitive information from log files. (CVE-2015-8749)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled certain qcow2 headers. 
A remote authenticated user could possibly use this issue to read arbitrary files. (CVE-2016-2140)", "published": "2017-10-11T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/3449-1/", "cvelist": ["CVE-2015-5162", "CVE-2015-8749", "CVE-2015-3241", "CVE-2016-2140", "CVE-2015-3280", "CVE-2015-7548", "CVE-2015-7713"], "lastseen": "2018-03-29T18:17:08"}], "nessus": [{"id": "UBUNTU_USN-3449-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS : nova vulnerabilities (USN-3449-1)", "description": "George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241)\n\nGeorge Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. (CVE-2015-3280)\n\nIt was discovered that OpenStack Nova incorrectly limited qemu-img calls. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-5162)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled snapshots. A remote authenticated user could use this issue to read arbitrary files. (CVE-2015-7548)\n\nSreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied security group changes. A remote attacker could possibly use this issue to bypass intended restriction changes by leveraging an instance that was running when the change was made. (CVE-2015-7713)\n\nMatt Riedemann discovered that OpenStack Nova incorrectly handled logging. A local attacker could possibly use this issue to obtain sensitive information from log files. (CVE-2015-8749)\n\nMatthew Booth discovered that OpenStack Nova incorrectly handled certain qcow2 headers. 
A remote authenticated user could possibly use this issue to read arbitrary files. (CVE-2016-2140).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-10-12T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=103812", "cvelist": ["CVE-2015-5162", "CVE-2015-8749", "CVE-2015-3241", "CVE-2016-2140", "CVE-2015-3280", "CVE-2015-7548", "CVE-2015-7713"], "lastseen": "2018-01-31T07:08:16"}], "openvas": [{"id": "OPENVAS:1361412562310843332", "type": "openvas", "title": "Ubuntu Update for nova USN-3449-1", "description": "Check the version of nova", "published": "2017-10-12T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843332", "cvelist": ["CVE-2015-5162", "CVE-2015-8749", "CVE-2015-3241", "CVE-2016-2140", "CVE-2015-3280", "CVE-2015-7548", "CVE-2015-7713"], "lastseen": "2017-10-17T18:25:14"}]}}