Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-8750

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

Published

2014-10-15T14:55:09.637

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openstack	nova	< 2014.1.4	Yes
Application	openstack	nova	2014.2	Yes
Application	openstack	nova	2014.2	Yes
Application	openstack	nova	2014.2	Yes

References

http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-1689.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-1781.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-1782.html Third Party Advisory ([email protected])
http://secunia.com/advisories/60227 Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2014/10/14/9 Mailing List, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/70182 Third Party Advisory, VDB Entry ([email protected])
https://bugs.launchpad.net/nova/+bug/1357372 Third Party Advisory ([email protected])
http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-1689.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-1781.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-1782.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/60227 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/10/14/9 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/70182 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/nova/+bug/1357372 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)