[FG-VD-16-015] Openstack Glance Authenticated User DoS Vulnerability Notification
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Glance | New | Undecided | Unassigned |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |
Bug Description
Vulnerability Notification
March 7, 2016
Tracking Case #: FG-VD-16-015
Dear Openstack,
The following information pertains to information discovered by Fortinet's FortiGuard Labs. It has been determined that a vulnerability exists in the Openstack Glance module. To streamline the disclosure process, we have created a preliminary advisory which you can find below. This upcoming advisory is purely intended as a reference, and does not contain sensitive information such as proof of concept code.
As a mature corporation involved in security research, we strive to responsibly disclose vulnerability information. We will not post an advisory until we determine it is appropriate to do so in co-ordination with the vendor unless a resolution cannot be reached. We will not disclose full proof of concept, only details relevant to the advisory.
We look forward to working closely with you to resolve this issue, and kindly ask for your co-operation during this time. Please let us know if you have any further questions, and we will promptly respond to address any issues.
If this message is not encrypted, it is because we could not find your key to do so. If you have one available for use, please notify us and we will ensure that this is used in future correspondence. We ask you use our public PGP key to encrypt and communicate any sensitive information with us. You may find the key on our FortiGuard center at: http://
Type of Vulnerability & Repercussions:
DoS
Affected Software:
Ubuntu 14.04.3 with latest repository installed
# apt-get install software-
# add-apt-repository cloud-archive:
Upcoming Advisory Reference:
http://
Credits:
This vulnerability was discovered by Fortinet's FortiGuard Labs.
Proof of Concept/How to Reproduce:
1. Run script "sh curl_get_
2. Open script glance_DoS.py, and replace the line 30 "x-auth-token" value with the above token value, also replace the IP in url "http://
3. Run script glance_DoS.py, which will keep running forever. You can check the images added by the script using the console command "glance image-list" or by clicking the Dashboard images column. You will notice that you cannot delete the images added by the script; it reports a failure. Refer to the screenshots glance_
4. Because neither a non-admin nor an admin user can delete the garbage images, with the above PoC running forever more and more garbage images are added. So finally a DoS can be caused because resources are exhausted or the glance database query becomes very, very slow.
Notes:
1) Run the PoC glance_DoS.py on Windows 7.
Additional Information:
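A triage check for the symptom the report describes (a tenant accumulating images that never finish and cannot be deleted), added here as an example; it is not part of the Fortinet report, the PoC, or Glance itself. It assumes only the shape of the Glance v2 image-list response (fields id, owner, status, created_at, protected, and a relative "next" link while more pages remain). The sample data, the per-owner threshold, the staleness window, and all ids and tenant names are constructed for illustration.

```python
import json
import urllib.request
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed "now" so the constructed sample below is reproducible offline.
NOW = datetime(2016, 3, 7, 12, 0, tzinfo=timezone.utc)


def _iso(ts):
    """Glance v2 renders timestamps as e.g. 2016-03-07T12:00:00Z."""
    return ts.strftime("%Y-%m-%dT%H:%M:%SZ")


def sample_response():
    """Constructed sample in the shape of GET /v2/images (not real data)."""
    images = [
        {"id": "img-admin-base", "name": "ubuntu-14.04", "status": "active",
         "owner": "tenant-admin", "created_at": "2016-03-01T10:00:00Z",
         "size": 261095424, "protected": False},
        # A legitimately in-progress upload: queued, but only minutes old.
        {"id": "img-demo-inflight", "name": "upload-in-progress", "status": "queued",
         "owner": "tenant-demo", "created_at": _iso(NOW - timedelta(minutes=5)),
         "size": None, "protected": False},
    ]
    # The kind of flood the report describes: many records that never became active.
    for i in range(6):
        images.append({"id": "img-demo-garbage-%d" % i, "name": "garbage", "status": "queued",
                       "owner": "tenant-demo", "created_at": _iso(NOW - timedelta(hours=3, minutes=i)),
                       "size": None, "protected": False})
    return json.dumps({"images": images, "schema": "/v2/schemas/images", "first": "/v2/images"})


def parse_images(body):
    """Extract the image list from one page of a v2 image-list response."""
    return json.loads(body)["images"]


def find_runaway_owners(images, per_owner_limit):
    """Owners holding more image records than the (arbitrary) limit."""
    counts = Counter(img.get("owner") for img in images)
    return {owner: n for owner, n in counts.items() if n > per_owner_limit}


def find_stale_images(images, now, max_age):
    """Ids of non-active images older than max_age: uploads that never completed."""
    stale = []
    for img in images:
        if img.get("status") == "active":
            continue
        created = datetime.strptime(img["created_at"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if now - created > max_age:
            stale.append(img["id"])
    return stale


def fetch_all_images(glance_url, token):
    """Walk the paginated live API with a Keystone token (not used by the offline demo)."""
    images, path = [], "/v2/images"
    while path:
        req = urllib.request.Request(glance_url + path, headers={"X-Auth-Token": token})
        with urllib.request.urlopen(req) as resp:
            page = json.loads(resp.read().decode())
        images.extend(page["images"])
        path = page.get("next")  # relative link, absent on the last page
    return images


if __name__ == "__main__":
    imgs = parse_images(sample_response())
    print("owners over limit:", find_runaway_owners(imgs, 5))
    print("stale non-active images:", find_stale_images(imgs, NOW, timedelta(hours=1)))
```

Run against a live deployment by replacing the sample with fetch_all_images(endpoint, token), using a Keystone token as in the PoC's X-Auth-Token header. One caveat for anyone reaching for configuration as a mitigation: the glance-api.conf option user_storage_quota caps the bytes a tenant may upload, not the number of image records, so a flood of metadata-only (queued) images is not stopped by it.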
Changed in ossa:
status: New → Incomplete
description: updated
description: updated
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
This seems like a duplicate of bug 1545092, which is still private. Can you confirm this, glance-coresec?