Marcio, is there any affiliated employer you want credited along with your name as the bug reporter in the upcoming security advisory?
Proposed impact description:
-----
Title: Nova VMware driver connects VNC to console of another tenant
Reporter: Marcio Roberto Starke
Products: Nova
Versions: up to 2014.1.3
Description:
Marcio Roberto Starke reported a vulnerability in the Nova VMware driver. A race condition in its VNC port allocation causes it to connect the wrong console, potentially even one on an instance belonging to another tenant, if these instances are created concurrently. Only Nova setups using the VMware driver and the VNC proxy service are affected.
Marcio, is there any affiliated employer you want credited along with your name as the bug reporter in the upcoming security advisory?
Proposed impact description:
-----
Title: Nova VMware driver connects VNC to console of another tenant
Reporter: Marcio Roberto Starke
Products: Nova
Versions: up to 2014.1.3
Description:
Marcio Roberto Starke reported a vulnerability in the Nova VMware driver. A race condition in its VNC port allocation causes it to connect the wrong console, potentially even one on an instance belonging to another tenant, if these instances are created concurrently. Only Nova setups using the VMware driver and the VNC proxy service are affected.