Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenStack>
  3. Announce
[OSSA-2017-005] Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239)
tdecacqu at redhat
Nov 14, 2017, 8:28 AM
Post #1 of 1 (563 views)
Permalink
==================================================================
OSSA-2017-005: Nova Filter Scheduler bypass through rebuild action
==================================================================

:Date: November 14, 2017
:CVE: CVE-2017-16239


Affects
~~~~~~~
- Nova: <=14.0.9, >=15.0.0 <=15.0.7, >=16.0.0 <=16.0.2


Description
~~~~~~~~~~~
George Shuklin from servers.com reported a vulnerability in Nova. By
rebuilding an instance, an authenticated user may be able to
circumvent the Filter Scheduler bypassing imposed filters (for
example, the ImagePropertiesFilter or the IsolatedHostsFilter). All
setups using Nova Filter Scheduler are affected.


Patches
~~~~~~~
- https://review.openstack.org/519684 (Newton)
- https://review.openstack.org/519681 (Ocata)
- https://review.openstack.org/519672 (Pike)
- https://review.openstack.org/519662 (Queens)


Credits
~~~~~~~
- George Shuklin from Servers.com (CVE-2017-16239)


References
~~~~~~~~~~
- https://launchpad.net/bugs/1664931
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239

--
Tristan Cacqueray
OpenStack Vulnerability Management Team

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal