Specific config setting may result in VMs being taken over through VNC
Bug #1435386 reported by Thierry Carrez
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Security Advisory | Won't Fix | Undecided | Unassigned | |
| openstack-manuals | Fix Released | Medium | Anne Gentle | |
Bug Description
Jonathan Hogg from Chargebox reports (edited):
On a single-machine cloud running OpenStack Icehouse, over the last week we have seen compromises of all of the Ubuntu 14.04 VMs running on the machine. The scenario shows the attacker gaining access through VNC (via a controlled reboot to reset the root password).
QEMU instances are running with `-vnc 0.0.0.0:1`, which may or may not be the issue.
Changed in ossa:
- status: Incomplete → Won't Fix

Changed in openstack-manuals:
- importance: Undecided → Medium
- status: New → Triaged
- milestone: none → kilo

Changed in openstack-manuals:
- milestone: kilo → liberty

No longer affects: nova

Changed in openstack-manuals:
- milestone: liberty → mitaka

Changed in openstack-manuals:
- milestone: mitaka → newton

Changed in openstack-manuals:
- milestone: newton → ocata

Changed in openstack-manuals:
- status: Confirmed → In Progress
The single-machine cloud was not firewalled, so if a QEMU instance exposes the VNC console on 0.0.0.0:1, attackers could find that one through a portscan and exploit it.
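The description and the comment above both come down to one exposure: QEMU's built-in VNC server bound to the wildcard address on an unfirewalled host. The following check is an added example and is not code from the bug report or from the nova or openstack-manuals projects. It scans `ps`-style QEMU command lines for `-vnc` arguments bound to a wildcard address and reports the resulting TCP port (QEMU maps display N to 5900+N), and it scans a nova.conf fragment for a wildcard VNC listen address. The option names `vncserver_listen` (Icehouse-era `[DEFAULT]`) and `server_listen` (later `[vnc]` section) are taken from nova's configuration, not from this page; the `ps` output and nova.conf text are constructed samples.

```python
import re
import shlex
from typing import Dict, List, Optional, Tuple

# Addresses that make QEMU's VNC server accept connections on every host
# interface (IPv4 and IPv6 wildcards). An empty address (":1") also means "all".
WILDCARD_ADDRS = {"0.0.0.0", "::", "[::]", ""}

# Constructed sample of `ps -eo args` output: one guest bound to the wildcard
# address (as in the report), one bound to a management IP, one on a UNIX socket.
SAMPLE_PS = """\
/usr/bin/qemu-system-x86_64 -name instance-00000001 -m 2048 -vnc 0.0.0.0:1 -k en-us
/usr/bin/qemu-system-x86_64 -name instance-00000002 -m 2048 -vnc 10.0.0.11:2,password
/usr/bin/qemu-system-x86_64 -name instance-00000003 -m 1024 -vnc unix:/var/lib/libvirt/qemu/vnc.sock
/usr/sbin/sshd -D
"""

# Constructed nova.conf fragment with an Icehouse-era wildcard listen address
# (the hardened form would name the management address, e.g. 10.0.0.11).
SAMPLE_NOVA_CONF = """\
[DEFAULT]
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.0.0.11
novnc_enabled = True
"""


def parse_vnc_display(spec: str) -> Optional[Tuple[str, str, List[str]]]:
    """Split a QEMU -vnc argument "addr:display[,opt,...]" into (addr, display, opts).

    Returns None for UNIX-socket or disabled VNC, which are not network-reachable.
    """
    if spec.startswith("unix:") or spec == "none":
        return None
    spec, _, opts = spec.partition(",")
    # rpartition keeps a bracketed IPv6 address such as "[::]" intact.
    addr, _, display = spec.rpartition(":")
    return addr, display, opts.split(",") if opts else []


def find_exposed_vnc(ps_output: str) -> List[Dict[str, str]]:
    """Return QEMU processes whose VNC server listens on a wildcard address."""
    findings = []
    for line in ps_output.splitlines():
        argv = shlex.split(line)
        if not argv or "qemu" not in argv[0]:
            continue
        name = argv[0]
        if "-name" in argv and argv.index("-name") + 1 < len(argv):
            name = argv[argv.index("-name") + 1]
        for i, tok in enumerate(argv[:-1]):
            if tok != "-vnc":
                continue
            parsed = parse_vnc_display(argv[i + 1])
            if parsed is None:
                continue
            addr, display, opts = parsed
            if addr in WILDCARD_ADDRS and display.isdigit():
                findings.append({
                    "instance": name,
                    "port": str(5900 + int(display)),  # QEMU: display N -> TCP 5900+N
                    "password": "yes" if "password" in opts else "no",
                })
    return findings


# Matches the VNC listen option in either naming scheme (assumed from nova's config).
_LISTEN_RE = re.compile(r"^\s*(?:vncserver_listen|server_listen)\s*=\s*(\S+)", re.M)


def wildcard_listen_in_conf(conf_text: str) -> List[str]:
    """Return VNC listen-address values in a nova.conf text that are wildcards."""
    return [m.group(1) for m in _LISTEN_RE.finditer(conf_text)
            if m.group(1) in WILDCARD_ADDRS]


if __name__ == "__main__":
    for f in find_exposed_vnc(SAMPLE_PS):
        print(f"EXPOSED: {f['instance']} VNC on all interfaces, TCP {f['port']}, "
              f"password auth: {f['password']}")
    for v in wildcard_listen_in_conf(SAMPLE_NOVA_CONF):
        print(f"nova.conf VNC listen address {v} binds every interface; "
              f"set it to the management address reachable only by nova-novncproxy")
```

On a real host, feed `ps -eo args` output to `find_exposed_vnc` and the compute node's nova.conf to `wildcard_listen_in_conf`; a wildcard bind with no `password` option and no host firewall is exactly the condition the report describes.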