Access bypass - CVE-2016-4383

 


Published: September 15, 2016 / Updated: October 10, 2016


Vulnerability identifier: #VU809
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-4383
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a remote authenticated user to bypass access and authorization restrictions on the target system.
The weakness is caused by an access control error. Attackers can reuse already deleted Glance image IDs and share them with other malicious users. The vulnerability occurs when Helion OpenStack administrators have deleted image IDs from the Glance database or allowed non-administrators to share or create public images.
Successful exploitation of the vulnerability allows attackers to bypass security restrictions and share already deleted image IDs.

How to mitigate CVE-2016-4383

HPE has provided the following mitigation instructions for HPE Helion OpenStack Glance:

  • This procedure ensures that images shared between two tenants who trust each other are not maliciously replaced by a malicious tenant reusing a deleted image ID. Perform the following actions:
  1. The admin should update the policy.json file so that only admins can deactivate/reactivate images: "deactivate": "role:admin", "reactivate": "role:admin",
  2. All public or shared images should be quarantined by marking them as deactivated using the Glance API.
  3. The admin should inspect all public/shared images to see if they have been replaced by malicious images.
  4. Any images which cannot be confirmed to be non-malicious should be left deactivated.
  5. Images which can be confirmed to be non-malicious images can be reactivated using the Glance API.
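
The following Python example is added here to illustrate steps 1 to 5 and is not HPE's tooling or part of the vendor instructions. It checks a policy.json document against the step 1 values and turns an image listing into the Glance v2 deactivate/reactivate calls an admin would issue. The function names, the record shape (id, visibility, status) and the sample data are assumptions constructed for the example.

```python
import json

# Step 1 values, as given in the mitigation instructions.
REQUIRED = {"deactivate": "role:admin", "reactivate": "role:admin"}

def audit_policy(policy_text):
    """Return {rule: current_value} for each rule that does not match step 1.
    A rule that is absent from the file is reported with the value None."""
    policy = json.loads(policy_text)
    return {rule: policy.get(rule) for rule, want in REQUIRED.items()
            if policy.get(rule) != want}

def plan_actions(images, confirmed_clean=frozenset()):
    """Map image id -> Glance v2 action path.
    Steps 2 and 4: every active public/shared image not yet confirmed
    non-malicious is deactivated and stays that way.
    Step 5: a deactivated image is reactivated only once it is confirmed."""
    plan = {}
    for img in images:
        if img["visibility"] not in ("public", "shared"):
            continue  # private, unshared images are outside the procedure
        base = "/v2/images/%s/actions/" % img["id"]
        if img["id"] in confirmed_clean:
            if img["status"] == "deactivated":
                plan[img["id"]] = base + "reactivate"
        elif img["status"] == "active":
            plan[img["id"]] = base + "deactivate"
    return plan

# Constructed sample input (not taken from a real deployment).
SAMPLE_POLICY = '{"default": "", "deactivate": "", "reactivate": "role:admin"}'
SAMPLE_IMAGES = [
    {"id": "img-a", "visibility": "public", "status": "active"},
    {"id": "img-b", "visibility": "shared", "status": "deactivated"},
    {"id": "img-c", "visibility": "private", "status": "active"},
    {"id": "img-d", "visibility": "shared", "status": "active"},
]

if __name__ == "__main__":
    print("policy rules to fix:", audit_policy(SAMPLE_POLICY))
    print("quarantine pass:", plan_actions(SAMPLE_IMAGES))
    print("after review of img-b:", plan_actions(SAMPLE_IMAGES, {"img-b"}))
```

Each path in the plan is sent as a POST with an admin token once the policy audit returns no findings.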

