RHEL 7 : openstack-ironic (RHSA-2016:1377)

high Nessus Plugin ID 210227

Synopsis

The remote Red Hat host is missing a security update for openstack-ironic.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1377 advisory.

OpenStack Bare Metal (ironic) is a tool used to provision bare metal (as opposed to virtual) machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality.

Security Fix(es):

* An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew (or was able to guess) the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses. (CVE-2016-4985)

Red Hat would like to thank the OpenStack Ironic project for reporting this issue. Upstream acknowledges Devananda van der Veen (IBM) as the original reporter.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL openstack-ironic package based on the guidance in RHSA-2016:1377.

See Also

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1346193

http://www.nessus.org/u?9a715bbf

https://access.redhat.com/errata/RHSA-2016:1377

Plugin Details

Severity: High

ID: 210227

File Name: redhat-RHSA-2016-1377.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/4/2024

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-4985

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:openstack-ironic-api, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:openstack-ironic-conductor, p-cpe:/a:redhat:enterprise_linux:openstack-ironic-common, p-cpe:/a:redhat:enterprise_linux:openstack-ironic

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 7/4/2016

Vulnerability Publication Date: 6/21/2016

Reference Information

CVE: CVE-2016-4985

CWE: 290

RHSA: 2016:1377