Pickled data in Glance database enables remote code execution

Bug #1213241 reported by Brian Waldon
Affects: Glance
Status: Fix Released
Importance: Critical
Assigned to: John Bresnahan
Milestone:

Bug Description

Glance uses pickled python objects for the storage of image location metadata in its SQL database backend [1]. In the event that the database server running beneath Glance is compromised, the usage of pickle will allow an attacker to execute untrusted code remotely and further compromise the cloud [2] [3].

[1] https://github.com/openstack/glance/blob/master/glance/db/sqlalchemy/models.py#L157
[2] See warning at the top of the pickle module doc: http://docs.python.org/2/library/pickle.html
[3] http://blog.nelhage.com/2011/03/exploiting-pickle/
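As an added illustration of the defensive direction (this is not Glance code and not the fix linked later in the report), the following replaces a pickled `meta_data` column value with a JSON encoding that only carries plain data, and adds an audit helper that flags legacy pickled rows without ever calling `pickle.loads`. The column name `meta_data` and the sample rows are assumed and constructed for the example.

```python
"""JSON instead of pickle for image-location metadata stored in a database.

Assumption: rows are (id, meta_data) pairs like Glance's image_locations table.
The sample rows below are constructed: row 1 is a legacy pickled dict, row 2
already uses the JSON encoding defined here.
"""
import json
import pickle

SAMPLE_ROWS = [
    (1, pickle.dumps({"store": "file", "checksum": "abc"}, protocol=2)),
    (2, '{"container": "images", "store": "swift"}'),
]


def encode_meta(meta):
    """Serialise metadata as JSON text; only plain JSON types can be stored."""
    if not isinstance(meta, dict):
        raise TypeError("meta_data must be a dict")
    return json.dumps(meta, sort_keys=True)


def decode_meta(blob):
    """Decode stored metadata. Anything that is not a JSON object is rejected,
    so a row rewritten by someone with database access never reaches a
    deserialiser that can run code."""
    if isinstance(blob, bytes):
        try:
            blob = blob.decode("utf-8")
        except UnicodeDecodeError:
            # Binary pickle protocols start with 0x80, which is not UTF-8.
            raise ValueError("meta_data is not JSON; refusing to load") from None
    try:
        meta = json.loads(blob)
    except ValueError:
        # Covers text-mode pickles (protocol 0) and any other junk.
        raise ValueError("meta_data is not JSON; refusing to load") from None
    if not isinstance(meta, dict):
        raise ValueError("meta_data must decode to a JSON object")
    return meta


def find_legacy_rows(rows):
    """Return ids of rows whose meta_data is not JSON, without unpickling them.
    A migration can then handle those rows out of band instead of loading them."""
    return [row_id for row_id, blob in rows
            if not _is_json_object(blob)]


def _is_json_object(blob):
    try:
        decode_meta(blob)
    except ValueError:
        return False
    return True
```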

Revision history for this message
Thierry Carrez (ttx) wrote :

I'd say this could be valid for OSSA because you escalate from DB compromise (DoS, data exploitation) to remote code execution with the glance user rights...

Changed in ossa:
status: New → Incomplete
Revision history for this message
Brian Waldon (bcwaldon) wrote :

@thierry - totally agree. I don't have an example exploit, but thinking through the problem this does seem pretty terrible. Let's see what the openstack vuln mgmt team thinks...

Revision history for this message
Mark Washenberger (markwash) wrote :

Ack, good point. . .

Changed in glance:
status: New → Confirmed
Revision history for this message
Jeremy Stanley (fungi) wrote :

Even just from the perspective of separating operational roles, this means that someone who may already have authorization to write to the glance DB (for example to perform database maintenance) can in turn take direct control of any glance server. So yes, I would consider this a vulnerability worthy of an official announcement.

Thierry Carrez (ttx)
Changed in ossa:
status: Incomplete → Confirmed
Revision history for this message
Thierry Carrez (ttx) wrote :

This might be tricky to fix while maintaining backward compatibility. Any taker for a patch ?

Changed in ossa:
importance: Undecided → Medium
Changed in glance:
importance: Undecided → High
Changed in glance:
milestone: none → havana-3
Revision history for this message
Mark Washenberger (markwash) wrote :

I'm not really sure this issue needs to be locked away.

This schema change was introduced during the havana dev cycle, so I do not expect it has been widely used as of yet.

And, of course, it is very easy to find in the current code that PickleTypes are being used--so the bug is not particularly obscure.

If it should be locked, how can I add permissions for certain contributors to view this bug?

Revision history for this message
Thierry Carrez (ttx) wrote :

If it's havana-only, then I think we don't need to release an OSSA for it, as havana is not security-supported yet. So I think we can open. Let me doublecheck with Jeremy and we'll get back to you.

Changed in ossa:
importance: Medium → Undecided
status: Confirmed → Incomplete
Revision history for this message
Jeremy Stanley (fungi) wrote :

Ahh, yes, I would consider this a security vulnerability in unreleased software, fixed prior to official release. Given the class of vulnerability and limited potential points of exposure, coupled with the fact that we don't currently encourage continuous-deployment or milestone snapshots for production use cases, it's probably not necessary to issue an OSSA. CVEs are often enough assigned to pre-release/beta software versions if they're in wide use (where defining wide is left as an exercise for the reader), but I'd leave it up to the security group to decide whether they want to pursue a CVE assignment for it once the bug is opened up.

Thierry Carrez (ttx)
information type: Private Security → Public
no longer affects: ossa
Changed in glance:
importance: High → Critical
Changed in glance:
assignee: nobody → Mark Washenberger (markwash)
Revision history for this message
Mark Washenberger (markwash) wrote :

At this point jbresnah is in pursuit of the issue.

I think it might make sense to avoid actually unpickling the data during the migration to a different storage format, but I'm curious if any of the followers here might encounter problems with such a scheme?

Changed in glance:
assignee: Mark Washenberger (markwash) → John Bresnahan (jbresnah)
Changed in glance:
milestone: havana-3 → havana-rc1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to glance (master)

Fix proposed to branch: master
Review: https://review.openstack.org/45335

Changed in glance:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/45335
Committed: http://github.com/openstack/glance/commit/60ab0c8c564af989882f0ea2609019ea7206e2b3
Submitter: Jenkins
Branch: master

commit 60ab0c8c564af989882f0ea2609019ea7206e2b3
Author: John Bresnahan <email address hidden>
Date: Thu Sep 5 11:07:29 2013 -1000

    Convert location meta data from pickle to string.

    This patch fixes a potential security issue.
    Fixes bug: 1213241

    Change-Id: I6414d16ec72f26ceabbaf1364ad737f19f18381e

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in glance:
milestone: havana-rc1 → 2013.2