Race Condition Vulnerability in OpenStack's VMware Driver
CVE-2014-8750

Currently unrated

Key Information:

Vendor: Openstack
Status: Nova
Vendor: CVE Published:; 15 October 2014

Summary

A race condition in the VMware driver of OpenStack Compute (Nova) prior to versions 2014.1.4 and 2014.2 before 2014.2rc1 permits remote authenticated users to access unintended VNC consoles. This is achieved by spawning instances that align VNC port allocations, allowing for potential cross-tenant visibility and control over consoles. Administrators are advised to upgrade to the latest versions to mitigate these risks.

References

https://bugs.launchpad.net/nova/+bug/1357372

x_refsource_CONFIRM

http://secunia.com/advisories/60227

third-party-advisoryx_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2014-1689.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Oct 15, 2014
Vulnerability Reserved
Oct 13, 2014