CVE-2013-0335
Published: 26 February 2013
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
Notes
| Author | Note |
|---|---|
| jdstrand | on 11.10, VNC consoles are only available via the web interface, but the web interface (horizon) is not functional since it depends on keystone and the keystone in 11.10 is a pre-release version and unusable with other components like horizon and nova. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
nova Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Ignored
|
|
| precise |
Released
(2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.4)
|
|
| quantal |
Released
(2012.2.1+stable-20121212-a99a802e-0ubuntu1.4)
|
|
| upstream |
Released
(2013.1.g3)
|
|
|
Patches: upstream: https://review.openstack.org/#/c/22086/ upstream: https://review.openstack.org/#/c/22758 upstream: https://review.openstack.org/#/c/22872/ upstream: https://review.openstack.org/#/c/23036/ |
||