
Red Hat discovers OpenStack security glitch

Red Hat patches vulnerability in OpenStack subsystem that manages virtual machines

Red Hat recently patched a security glitch in an OpenStack subsystem used to provision network services to virtual machines (VMs). Had it gone unnoticed, the flaw could have given hackers access to network resources.

Red Hat dubbed the incident a “race-condition flaw” found in openstack-neutron, a feature of the Red Hat OpenStack Platform that manages VMs, where network security groups were disabled in the wake of a security update. The vulnerability is tracked as CVE-2017-7543 in the Common Vulnerabilities and Exposures (CVE) database.

“The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources,” Red Hat noted in its advisory. To address the issue, the company released updated packages for OpenStack 6.0 (Juno), 7.0 (Kilo), 8.0 (Liberty), 9.0 (Mitaka), 10.0 (Newton) and 11.0 (Ocata).

VMs allow service providers to spin up various network functions on top of a hypervisor, which sits between the hardware and operating system (OS). VMs are a relatively young technology, vulnerable to many of the same threats as physical machines, including security breaches, data loss and viruses. The hypervisor isolates the VMs so that if one VM is infected, the infection may not spread to the others.

VMs are difficult to secure given the complexity of the networks they give rise to. In addition, computer hackers have more opportunities to breach company networks as more businesses switch to the technology. The widespread adoption of virtualized networks isn’t expected to die down anytime soon. According to a recent report by MarketsandMarkets, the net worth of the global network functions virtualization (NFV) and software-defined network (SDN) market is expected to swell from $3.68 billion this year to $54.41 billion by 2022, at a Compound Annual Growth Rate (CAGR) of 71.4%.

This isn’t the first time Red Hat has had vulnerability issues either. In February, for instance, a different vulnerability more than 11 years old, tracked as CVE-2017-6074, was discovered in the mainline Linux kernel; it affected Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 kernels. The company rated the problem as important severity and said it would resolve the glitch in future updates. In July, the company said it was very concerned about a CIA hacking tool targeted at the Linux operating system. And just this week, Red Hat released kernel patches for Red Hat Enterprise Linux 6.7 and 7.3 to address mild to severe vulnerabilities.

ABOUT AUTHOR

Nathan Cranford
Nathan Cranford joined RCR Wireless News as a Technology Writer in 2017. Prior to his current position, he served as a content producer for GateHouse Media, and as a freelance science and tech reporter. His work has been published by a myriad of news outlets, including COEUS Magazine, dailyRx News, The Oklahoma Daily, Texas Writers Journal and VETTA Magazine. Nathan earned a bachelor’s from the University of Oklahoma in 2013. He lives in Austin, Texas.