CVE-2014-8750
medium
CVSS v3
—
CVSS v2
6.5
VIR risk
6.5
Description
Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-8750
Vendor advisory: cve@mitre.org — http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2014-8750.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 0 |
| debian | sid | fixed | 0 |
| debian | trixie | fixed | 0 |
References
- https://www.suse.com/security/cve/CVE-2014-8750.html
- http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html
- http://rhn.redhat.com/errata/RHSA-2014-1689.html
- http://rhn.redhat.com/errata/RHSA-2014-1781.html
- http://rhn.redhat.com/errata/RHSA-2014-1782.html
- http://secunia.com/advisories/60227
- http://www.openwall.com/lists/oss-security/2014/10/14/9
- http://www.securityfocus.com/bid/70182
- https://bugs.launchpad.net/nova/+bug/1357372
- https://security-tracker.debian.org/tracker/CVE-2014-8750
CWEs
CWE-362
Verify integrity in audit chain (admin only). AS-IS.