Comment 2 for bug 1681465

Viet Tran (viettran) wrote :

For evaluating the seriousness of this issue, the vulnerability has been exploited at a production OpenStack deployment. The attacker connected remotely to the console of a testing VM created on a freshly installed, newly added compute node, sent a 'SIGINT' through the TTY to reboot the VM into a single-user mode session, created a new account 'setup', modified the sshd configuration to allow password authentication and used that account to mine a crypto-currency, abusing the local CPU resource.

Another big organization has reported that the same vulnerability exists on its production OpenStack deployment. Fortunately, the organization has a global organization firewall, so the vulnerability is reduced only to the intranet and has not been exploited.

Single-NIC OpenStack deployments are potentially at risk because of public IPs on the management network. The network monitoring is detecting active attempts to connect via port 590x from botnets.