CVE-2013-2030

Published: 09 May 2013

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

Priority

Low

Status

Package Release Status
nova
Launchpad, Ubuntu, Debian
Upstream Needed

Patches:
Upstream: https://review.openstack.org/#/c/28569/ (grizzly)
Upstream: https://review.openstack.org/#/c/28570/ (folsom)
Upstream: https://review.openstack.org/#/c/28568/ (havana)
This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu.

Notes

AuthorNote
jdstrand
Ubuntu 12.04 LTS and lower not affected
/tmp/keystone-signing-nova is created but it is owned by the nova
user and symlink restrictions are in effect.
upstream fix is to change /etc/nova/api-paste.ini. Since this issue
is mitigated by symlink restrictions, ignoring since a config file change is
too intrusive

References

Bugs