Red Hat Security Advisory 2013-0709-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. A flaw was found in the way the Nova VNC proxy handled console tokens. In some cases, a console token that was valid for one virtual machine could be used to connect to the console of a different user's virtual machine. Note that this flaw did not bypass the normal user name and password authentication on the virtual machine. The attacker would need to know valid credentials to log in to the virtual machine.
2e59c9b0e9458f469f5b3f76f77befe898d28290ebdd12922a9520bba5244d4c
Ubuntu Security Notice 1771-1 - Loganathan Parthipan discovered that Nova did not properly validate VNC tokens after an instance was deleted. An authenticated attacker could exploit this to access other virtual machines under certain circumstances. This issue did not affect Ubuntu 11.10. Vish Ishaya discovered that Nova did not always enforce quotas on fixed IPs. An authenticated attacker could exploit this to cause a denial of service via resource consumption. Nova will now enforce a quota limit of 10 fixed IPs per instance, which is configurable via 'quota_fixed_ips' in /etc/nova/nova.conf. Various other issues were also addressed.
fa145558c86a02448ee9a16b2027725b5e54bc17d094a144c43a0f6f2e65abe9