> This security breach is happening right now here and I > don't know what can I do to fix it, or what should I type > on a BUG at Launchpad... Ubuntu has made it all but impossible to file bug reports. Their circular redirects are worse than a telephone menu system that takes you down a bunch of dead-end paths. Unless you have the URL jotted down in a notebook....
Try this link to file a bug report: https://bugs.launchpad.net/ubuntu/+filebug/?no-redirect. The pages asks you to select a package. But I find the package search tool is nearly broken, and often have to file them under "I Don't Know" because the package I am looking for is not a selection. *> This problem is very serious*, mostly because "Tenant A" > can't see its own instances, so, he is unable to use the > OpenStack anymore and, "Tenant B" isn't aware that someone > else is accessing its Instances without his permission. There's a few CVE's associated with similar: * http://insecure.org/search.html?q=openstack%20tenant * http://insecure.org/search.html?q=openstack%20vnc See, for example "VNC proxy can connect to the wrong VM", http://seclists.org/oss-sec/2013/q1/456. Perhaps you are seeing an unpatched bug due to a downlevel version of the software? Jeff On Mon, Dec 23, 2013 at 3:57 PM, Martinx - ジェームズ <thiagocmarti...@gmail.com>wrote: > Hi Diego! > > I did not reinstall OpenStack components or Compute Node... It was a fresh > install, that I started using into production. > > I already did this before, I mean, reinstall things without formatting the > server but, I always remove all the remaining instances, with virt-manager, > before starting it over again, but not this time. > > This security breach is happening right now here and I don't know what can > I do to fix it, or what should I type on a BUG at Launchpad... > > *This problem is very serious*, mostly because "Tenant A" can't see its > own instances, so, he is unable to use the OpenStack anymore and, "Tenant > B" isn't aware that someone else is accessing its Instances without his > permission. > > I'm sure that this problem is worth to take a look by someone more expert > than I. >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
