SB2017091908 - Security restrictions bypass in Red Hat OpenStack
Published: September 19, 2017 Updated: April 2, 2018
Security Bulletin ID
SB2017091908
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security restrictions bypass (CVE-ID: CVE-2017-12155)
The vulnerability allows a local attacker to bypass security restriction on the target system.The weakness exists due to resource-permission flaw in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key can bypass security restrcions and read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
Remediation
Install update from vendor's website.