Security Bulletin: Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239)

Summary

OpenStack Nova could allow a remote authenticated attacker to bypass security restrictions. By rebuilding an instance, an attacker could exploit this vulnerability to achieve Filter Scheduler bypass.

Vulnerability Details

CVE-ID: CVE-2017-16239 **Description:**OpenStack Nova could allow a remote authenticated attacker to bypass security restrictions. By rebuilding an instance, an attacker could exploit this vulnerability to achieve Filter Scheduler bypass. **CVSS Base Score:**4.3 CVSS Temporal Score:https://exchange.xforce.ibmcloud.com/vulnerabilities/135002 for more information *CVSS Environmental Score:**Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM PowerVC Standard Edition 1.3.2 through 1.3.2.1

IBM PowerVC Standard Edition 1.3.3 through 1.3.3.1

IBM PowerVC Standard Edition 1.4.0

IBM Cloud PowerVC Manager 1.3.2 through 1.3.2.1

IBM Cloud PowerVC Manager 1.3.3 through 1.3.3.1

IBM Cloud PowerVC Manager 1.4.0

Remediation/Fixes

For PowerVC 1.3.2, update to 1.3.2 FP1 and then apply IT24114 interim fix from Fix Central: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/PowerVC&release=1.3.2.1&platform=All&function=aparId&apars=IT24114

For PowerVC 1.3.3, update to 1.3.3 FP1 and then apply IT24114 interim fix from Fix Central: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/PowerVC&release=1.3.3.1&platform=All&function=aparId&apars=IT24114

For PowerVC 1.4.0, update to 1.4.0 FP1 from Fix Central: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/PowerVC&release=1.4.0.0&platform=All&function=textSearch&text=PowerVC+1.4.0.1

Workarounds and Mitigations

None