Incorrect secret key causes user details to be revealed
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | Critical | Stanislaw Pitucha |
Diablo | Fix Released | Undecided | Unassigned |
nova (Ubuntu) | Fix Released | Undecided | Unassigned |
Maverick | Fix Released | High | Jamie Strandboge |
Natty | Fix Released | High | Jamie Strandboge |
Oneiric | Fix Released | High | Jamie Strandboge |
Precise | Fix Released | Undecided | Unassigned |
Bug Description
If the secret key doesn't match for the ec2 request, the exception is passed back to the user, showing the correct password.
To replicate:
# export EC2_ACCESS_
# export EC2_SECRET_
# euca-describe-
Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error
BotoServerError: 500 Internal Server Error
Traceback (most recent call last):
File "/usr/lib/
result = self.applicatio
File "/usr/lib/
return app(environ, start_response)
File "/usr/lib/
resp = self.call_func(req, *args, **self.kwargs)
File "/usr/lib/
return self.func(req, *args, **kwargs)
File "/usr/lib/
rv = req.get_
File "/usr/lib/
application, catch_exc_
File "/usr/lib/
app_iter = application(
File "/usr/lib/
resp = self.call_func(req, *args, **self.kwargs)
File "/usr/lib/
return self.func(req, *args, **kwargs)
File "/usr/lib/
req.path)
File "/usr/lib/
user=user)
InvalidSignature: Invalid signature w6q++6lcvoEcBkc
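
Added example, not part of the bug report or of nova's code: a minimal Python sketch of the failure mode described above (a signature check whose exception text reaches the client) next to a hardened form. The HMAC-SHA256 scheme, the handler functions, the sample values, and the reading that the value in the exception text is the server-computed signature are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values; not taken from the bug report.
SECRET_KEY = "constructed-secret-key"
STRING_TO_SIGN = "GET\napi.example.test\n/services/Cloud\nAction=DescribeInstances"


class InvalidSignature(Exception):
    pass


def sign(secret_key, string_to_sign):
    """Base64 HMAC-SHA256 of the canonical request (assumed signing scheme)."""
    mac = hmac.new(secret_key.encode(), string_to_sign.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def authenticate_leaky(client_signature):
    expected = sign(SECRET_KEY, STRING_TO_SIGN)
    if expected != client_signature:
        # Defect: a value derived from the stored secret goes into the message.
        raise InvalidSignature("Invalid signature %s" % expected)


def authenticate_hardened(client_signature):
    expected = sign(SECRET_KEY, STRING_TO_SIGN)
    # Constant-time compare; the message carries nothing computed server-side.
    if not hmac.compare_digest(expected.encode(), client_signature.encode()):
        raise InvalidSignature("Signature not provided or invalid")


def handle_leaky(client_signature):
    """Hypothetical handler that lets the exception text reach the client."""
    try:
        authenticate_leaky(client_signature)
    except InvalidSignature as exc:
        return 500, "InvalidSignature: %s" % exc
    return 200, "OK"


def handle_hardened(client_signature):
    """Hypothetical handler that maps any auth failure to one fixed reply."""
    try:
        authenticate_hardened(client_signature)
    except InvalidSignature:
        return 403, "AuthFailure"
    return 200, "OK"
```

A regression test for this class of bug can assert that no error response body contains any value computed from the stored secret.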
Related branches
- Ubuntu Development Team: Pending requested
Diff: 1610 lines (+1514/-9), 10 files modified
.pc/applied-patches (+1/-0)
.pc/security-fix-lp868360.patch/Authors (+125/-0)
.pc/security-fix-lp868360.patch/nova/api/ec2/__init__.py (+440/-0)
.pc/security-fix-lp868360.patch/nova/auth/manager.py (+842/-0)
Authors (+1/-0)
debian/changelog (+30/-0)
debian/patches/security-fix-lp868360.patch (+70/-0)
debian/patches/series (+1/-0)
nova/api/ec2/__init__.py (+2/-1)
nova/auth/manager.py (+2/-8)
CVE References
Changed in nova:
status: New → Fix Committed
importance: Undecided → Critical
Changed in nova (Ubuntu Oneiric):
status: Triaged → In Progress
Changed in nova (Ubuntu Maverick):
assignee: Jamie Strandboge (jdstrand) → nobody
Changed in nova (Ubuntu Natty):
assignee: Jamie Strandboge (jdstrand) → nobody
Changed in nova (Ubuntu Natty):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in nova (Ubuntu Maverick):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in nova:
milestone: none → essex-1
Changed in nova:
status: Fix Committed → Fix Released
Changed in nova:
assignee: nobody → Stanislaw Pitucha (stanislaw-pitucha)
Changed in nova:
milestone: essex-1 → 2012.1
Fix available in https://review.openstack.org/794