PT-2014-8709 · Openstack+1 · Openstack Compute+1

Marcio Roberto Starke

Published

2014-10-15

Updated

2018-11-16

CVE-2014-8750

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions prior to 2014.1.4 OpenStack Compute (Nova) versions prior to 2014.2rc1

Description A race condition exists in the VMware driver of OpenStack Compute (Nova), allowing remote authenticated users to access unintended consoles. This occurs when an instance is spawned, triggering the allocation of the same VNC port to two different instances.

Recommendations For versions prior to 2014.1.4, update to version 2014.1.4 or later to resolve the issue. For versions prior to 2014.2rc1, update to version 2014.2rc1 or later to resolve the issue.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2014-8750

RHSA-2014:1689

RHSA-2014:1781

RHSA-2014:1782

Affected Products

Openstack Compute

Vmware

PT-2014-8709 · Openstack+1 · Openstack Compute+1

CVE-2014-8750

Weakness Enumeration

Related Identifiers

Affected Products

References · 9