CVE-2013-0335
Published: 26 February 2013
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
Notes
Author | Note |
---|---|
jdstrand | on 11.10, VNC consoles are only available via the web interface, but the web interface (horizon) is not functional since it depends on keystone and the keystone in 11.10 is a pre-release version and unusable with other components like horizon and nova. |
Priority
Status
Package | Release | Status |
---|---|---|
nova | hardy | Does not exist |
nova | lucid | Does not exist |
nova | oneiric | Ignored |
nova | precise | Released (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.4) |
nova | quantal | Released (2012.2.1+stable-20121212-a99a802e-0ubuntu1.4) |
nova | upstream | Released (2013.1.g3) |

Patches:
upstream: https://review.openstack.org/#/c/22086/
upstream: https://review.openstack.org/#/c/22758
upstream: https://review.openstack.org/#/c/22872/
upstream: https://review.openstack.org/#/c/23036/