Nova qemu hypervisor host smbios serial number is leaked to guest
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | Undecided | Daniel Berrange |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |
OpenStack Security Notes | Fix Released | Medium | Nathan Kinder |
Bug Description
Erwan Velu from eNovance reported a vulnerability in OpenStack Nova.
The hypervisor is passing the host system uuid (-smbios version) to guests, and this happens to be a critical info leak.
The defect has been pinpointed to:
https:/
From a simple virtual machine, this may allow numerous info leaks like:
- Allow compute hardware enumeration from guests
- Deduce service tag and get all hardware configuration
- Ability to know if two instances are on the same compute
Dell hardware is particularly impacted as:
- the uuid encodes the service tag
- the service tag can be used on the support site to determine:
  - detailed hardware configuration
  - date & country where the hw was shipped
  - date & type of support contract
  - amount of servers bought during this shipment
If there is no use case for this, we should scramble that piece of information.
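The following audit check is an added example, not code from the Nova project or from this bug report. It parses a libvirt domain XML document, collects the `<sysinfo type="smbios"><system>` entries that the hypervisor exposes to the guest as SMBIOS fields, and reports any entry whose value equals the host's hardware UUID. The host UUID and both domain XML documents are constructed sample values; on a real compute node the operator would feed in `virsh dumpxml <instance>` and the contents of `/sys/class/dmi/id/product_uuid` instead.

```python
"""Audit libvirt domain XML for host hardware identifiers exposed to guests.

Added example, not Nova's own code. Assumes the domain XML uses libvirt's
<sysinfo type="smbios"> layout and that the caller supplies the compute
node's DMI product UUID (constructed value below, not a real machine).
"""
import xml.etree.ElementTree as ET

# Constructed: the value a compute node would report in
# /sys/class/dmi/id/product_uuid (DMI tools print it in upper case).
HOST_PRODUCT_UUID = "0A1B2C3D-4E5F-4A6B-8C7D-9E0F1A2B3C4D"

# Constructed: a domain in which the host UUID has been copied into the
# guest-visible SMBIOS serial number (the behaviour the bug describes).
LEAKY_DOMAIN_XML = """<domain type='kvm'>
  <name>instance-00000001</name>
  <uuid>f0a1b2c3-d4e5-4f60-8172-93a4b5c6d7e8</uuid>
  <sysinfo type='smbios'>
    <system>
      <entry name='manufacturer'>OpenStack Foundation</entry>
      <entry name='product'>OpenStack Nova</entry>
      <entry name='serial'>0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d</entry>
      <entry name='uuid'>f0a1b2c3-d4e5-4f60-8172-93a4b5c6d7e8</entry>
    </system>
  </sysinfo>
</domain>"""

# Constructed: the same domain with an opaque serial that is not derived
# from the host hardware, so nothing ties the guest to its compute node.
FIXED_DOMAIN_XML = """<domain type='kvm'>
  <name>instance-00000001</name>
  <uuid>f0a1b2c3-d4e5-4f60-8172-93a4b5c6d7e8</uuid>
  <sysinfo type='smbios'>
    <system>
      <entry name='manufacturer'>OpenStack Foundation</entry>
      <entry name='product'>OpenStack Nova</entry>
      <entry name='serial'>7d3b9f2e-5c61-4e8a-9b04-2f6a8c1d0e55</entry>
      <entry name='uuid'>f0a1b2c3-d4e5-4f60-8172-93a4b5c6d7e8</entry>
    </system>
  </sysinfo>
</domain>"""


def smbios_system_entries(domain_xml):
    """Return {entry_name: value} for every <sysinfo type="smbios"><system><entry>.

    Only smbios-typed sysinfo blocks are considered; other sysinfo types are
    not exposed to the guest as SMBIOS tables.
    """
    root = ET.fromstring(domain_xml)
    entries = {}
    for sysinfo in root.findall("sysinfo"):
        if sysinfo.get("type") != "smbios":
            continue
        for entry in sysinfo.findall("./system/entry"):
            name = entry.get("name")
            if name is not None:
                entries[name] = (entry.text or "").strip()
    return entries


def find_host_identifier_leaks(domain_xml, host_product_uuid):
    """Return the sorted names of SMBIOS system entries equal to the host UUID.

    The comparison is case-insensitive because DMI tools report the UUID in
    upper case while libvirt XML frequently carries it in lower case.
    """
    target = host_product_uuid.strip().lower()
    return sorted(
        name
        for name, value in smbios_system_entries(domain_xml).items()
        if value.lower() == target
    )


def main():
    for label, xml in (("leaky", LEAKY_DOMAIN_XML), ("fixed", FIXED_DOMAIN_XML)):
        leaks = find_host_identifier_leaks(xml, HOST_PRODUCT_UUID)
        verdict = "host UUID exposed via " + ", ".join(leaks) if leaks else "ok"
        print(f"{label}: {verdict}")


if __name__ == "__main__":
    main()
```

Running the check across every domain on a compute node, with the host's product UUID as the comparison value, tells an operator whether instances there can read the host hardware identifier from their own SMBIOS tables; an empty result for every domain means the guests see no value tied to the physical machine.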
Changed in ossa:
- status: New → Incomplete

Changed in ossa:
- status: Confirmed → Incomplete

Changed in ossa:
- importance: Medium → Undecided
- information type: Private Security → Public

Changed in ossa:
- status: Incomplete → Won't Fix
- tags: added: security

Changed in ossn:
- assignee: nobody → Nathan Kinder (nkinder)
- importance: Undecided → Medium
- status: New → In Progress

Changed in nova:
- milestone: none → juno-3
- status: Fix Committed → Fix Released

Changed in nova:
- milestone: juno-3 → 2014.2
Here is a fix for master, thanks to Vladik