Your submission was sent successfully! Close

CVE-2013-6419

Published: 11 December 2013

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.

Priority

Medium

Status

Package Release Status
neutron
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1:2014.1~b3-0ubuntu1)
Patches:
Upstream: https://review.openstack.org/61442 (havana)
Upstream: https://review.openstack.org/61439 (icehouse)
nova
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1:2014.1~b3-0ubuntu2)
Patches:
Upstream: https://review.openstack.org/61435 (havana)
Upstream: https://review.openstack.org/61428 (icehouse)

Notes

AuthorNote
mdeslaur
OSSA 2013-033
jdstrand
requires updating both nova and neutron. Ubuntu 13.04 and lower do
not have neutron in the archive, so ignoring
requires instance_id to be exposed to attacker

References

Bugs