Bug 1066198 – VUL-0: CVE-2017-16239: openstack-nova: Filter Scheduler bypass through rebuild action

Bug 1066198 - (CVE-2017-16239) VUL-0: CVE-2017-16239: openstack-nova: Filter Scheduler bypass through rebuild action

(CVE-2017-16239)
Summary:	VUL-0: CVE-2017-16239: openstack-nova: Filter Scheduler bypass through rebuil...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://trello.com/c/MfJgA9wi
Whiteboard:	CVSSv3:SUSE:CVE-2017-16239:4.2:(AV:N/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-11-02 12:50 UTC by Johannes Segitz
Modified:	2020-04-28 15:47 UTC (History)
CC List:	7 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 6 Marcus Meissner 2017-11-15 11:27:32 UTC

issue is public now.

https://security.openstack.org/ossa/OSSA-2017-005.html


OSSA-2017-005: Nova Filter Scheduler bypass through rebuild action
Date:	November 14, 2017
CVE:	CVE-2017-16239
Affects

    Nova: <=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2

Description

George Shuklin from servers.com reported a vulnerability in Nova. By rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected.
Patches

    https://review.openstack.org/519684 (Newton)
    https://review.openstack.org/519681 (Ocata)
    https://review.openstack.org/519672 (Pike)
    https://review.openstack.org/519662 (Queens)

Credits

    George Shuklin from Servers.com (CVE-2017-16239)

References

    https://launchpad.net/bugs/1664931
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239

Comment 7 Johannes Segitz 2017-11-22 11:20:39 UTC

From: Tristan Cacqueray

The final patches for stable/newton and stable/ocata have been slightly
modified to accommodate a recent refactor:
 https://review.openstack.org/#/q/Iba0b88172e9a3bfd4f216dd364d70f7e01c60ee2
due to https://bugs.launchpad.net/nova/+bug/1702454

Please find the correct versions here:

queens (master): https://review.openstack.org/519662
stable/pike:     https://review.openstack.org/519672
stable/ocata:    https://review.openstack.org/519681
stable/newton:   https://review.openstack.org/519684

Comment 10 Swamp Workflow Management 2017-11-24 20:08:35 UTC

SUSE-SU-2017:3080-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1066198
CVE References: CVE-2017-16239
Sources used:
SUSE OpenStack Cloud 7 (src):    openstack-nova-14.0.10~dev13-4.11.1, openstack-nova-doc-14.0.10~dev13-4.11.3

Comment 13 Keith Berger 2018-01-08 15:42:12 UTC

Rick,

I am not sure the process. I will send it back to the SWAT backlog.

Comment 17 Boris Bobrov 2018-03-26 14:56:06 UTC

Fixed in https://build.opensuse.org/request/show/569718

Comment 18 Nanuk Krinner 2018-03-26 15:07:59 UTC

@Rick: The fixes are in for SOC6:
https://build.opensuse.org/request/show/569718 which already landed in Devel:Cloud:6. Can you trigger the update? Thanks!

Comment 19 Nanuk Krinner 2018-03-26 15:10:21 UTC

Reopened - bug needs to be closed by the security team.

Comment 21 Rick Salevsky 2018-03-28 11:36:52 UTC

Update got submitted, reassigning to security.

Comment 22 Alexandros Toptsoglou 2020-04-28 15:47:14 UTC

Done