First Last Prev Next    This bug is not in your last search results.
Bug 873234 - (CVE-2014-0162) VUL-0: CVE-2014-0162: openstack-glance: remote code execution in Glance Sheepdog backend
(CVE-2014-0162)
VUL-0: CVE-2014-0162: openstack-glance: remote code execution in Glance Sheep...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/97819/
maint:released:sle11-sp3-uptu:57089
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-04-11 15:17 UTC by Alexander Bergmann
Modified: 2015-07-23 09:30 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2014-04-11 15:17:17 UTC 
Via rh#1085163:

A flaw was found in the Glance Sheepdog backend. A user who is able to insert or modify Glance image metadata could use this flaw to execute arbitrary commands with the privileges of the user who is running the Glance service.

Versions 2013.2 up to 2013.2.3 are affected.

Acknowledgements:

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Paul McMillan (Nebula) as the original reporter.

CVE-2014-0162 was assigned to this issue.

Public via:

http://www.openwall.com/lists/oss-security/2014/04/10/13
https://launchpad.net/bugs/1298698

Juno (development branch) fix:
https://review.openstack.org/86622

Icehouse (milestone-proposed branch) fix:
https://review.openstack.org/86625

Havana fix:
https://review.openstack.org/86626

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1085163
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0162
Comment 1 Bernhard Wiedemann 2014-04-11 18:46:24 UTC 
I can see in our
/opt/dell/chef/cookbooks/glance/templates/default/glance-api.conf.erb:

# ============ Sheepdog Store Options =============================

sheepdog_store_address = localhost

sheepdog_store_port = 7000

# Images will be chunked into objects of this size (in megabytes).
# For best performance, this should be a power of two
sheepdog_store_chunk_size = 64


but does this mean, it is active?
Comment 2 Swamp Workflow Management 2014-04-11 22:00:38 UTC 
bugbot adjusting priority
Comment 3 Dirk Mueller 2014-04-14 09:26:08 UTC 
it is configured to be active, but since the probe fails, the backend is disabled on start. The probe fails because we don't package sheepdog and we don't ship it.

We're not affected by the security bug.
Comment 4 Vincent Untz 2014-04-17 11:50:55 UTC 
Submitted: sr#36519
Comment 5 SMASH SMASH 2014-04-17 12:10:19 UTC 
Affected packages:

SLE-11-SP3-PRODUCTS: openstack-glance
Comment 6 Swamp Workflow Management 2014-04-17 12:12:23 UTC 
The SWAMPID for this issue is 57063.
This issue was rated as moderate.
Please submit fixed packages until 2014-05-01.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 8 Swamp Workflow Management 2014-04-24 19:49:22 UTC 
Update released for: openstack-glance, openstack-glance-doc, openstack-glance-test, python-glance
Products:
SUSE-CLOUD 3.0 (x86_64)
Comment 9 Swamp Workflow Management 2014-04-24 23:04:35 UTC 
SUSE-SU-2014:0567-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 872331,873234
CVE References: CVE-2014-0162
Sources used:
SUSE Cloud 3 (src):    openstack-glance-2013.2.3.dev1.g13069a4-0.7.1, openstack-glance-doc-2013.2.3.dev1.g13069a4-0.7.1
Comment 10 Johannes Segitz 2014-06-23 12:43:19 UTC 
all packages fixed
Comment 11 Victor Pereira 2015-07-23 09:30:47 UTC 
resolved, fixed and released.
First Last Prev Next    This bug is not in your last search results.