CVE-2013-0335 : VNC proxy can connect to the wrong VM

OpenStack Security Advisory: 2013-006

CVE: CVE-2013-0335
Date: February 26, 2013
Title: VNC proxy can connect to the wrong VM
Reporter: Loganathan Parthipan (HP), Rohit Karajgi (NTT Data)
Products: Nova
Affects: All versions

Description:

Loganathan Parthipan (HP) and Rohit Karajgi (NTT Data) independently
reported a vulnerability in Nova. If a user requests a console and
then deletes the VM, it is possible that the console token could allow
connectivity to a different VM before the console token expires if the
VNC port gets reused in that time period. This issue can be worked
around by disabling VNC support.

Fixes:

References:

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>