Comment 28 for bug 1409142
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259) | #28 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
@Paul correct me if I'm wrong, but an attacker able to redirect a user to a DNS rebinded version of a cloud domain would likely have greater capabilities than just snooping on an eventual opened vnc/spice session... e.g., hijack the whole horizon session. Thus if it's the case, we should address this in another bug.
So far the fix seems to prevent the most trivial exploitation path and we should stick to the original timeline unless there is something wrong with the proposed patch.