Published: 09 May 2013
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
Launchpad, Ubuntu, Debian
Upstream: https://review.openstack.org/#/c/28569/ (grizzly)
Upstream: https://review.openstack.org/#/c/28570/ (folsom)
Upstream: https://review.openstack.org/#/c/28568/ (havana)
|This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu.|
Ubuntu 12.04 LTS and lower not affected /tmp/keystone-signing-nova is created but it is owned by the nova user and symlink restrictions are in effect. upstream fix is to change /etc/nova/api-paste.ini. Since this issue is mitigated by symlink restrictions, ignoring since a config file change is too intrusive