惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Heimdal Security Blog
A
Arctic Wolf
K
Kaspersky official blog
V
Vulnerabilities – Threatpost
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
L
LINUX DO - 热门话题
MongoDB | Blog
MongoDB | Blog
T
Threat Research - Cisco Blogs
D
Docker
爱范儿
爱范儿
T
Tenable Blog
C
Check Point Blog
B
Blog
C
Cisco Blogs
Vercel News
Vercel News
The Cloudflare Blog
T
Threatpost
NISL@THU
NISL@THU
T
Tor Project blog
V2EX - 技术
V2EX - 技术
P
Palo Alto Networks Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tailwind CSS Blog
G
GRAHAM CLULEY
P
Privacy & Cybersecurity Law Blog
SecWiki News
SecWiki News
博客园 - 司徒正美
S
Security @ Cisco Blogs
GbyAI
GbyAI
S
Secure Thoughts
Microsoft Security Blog
Microsoft Security Blog
The Register - Security
The Register - Security
Recorded Future
Recorded Future
Cloudbric
Cloudbric
Webroot Blog
Webroot Blog
N
News and Events Feed by Topic
Y
Y Combinator Blog
博客园_首页
T
Troy Hunt's Blog
The Hacker News
The Hacker News
雷峰网
雷峰网
Google DeepMind News
Google DeepMind News
U
Unit 42
AWS News Blog
AWS News Blog
PCI Perspectives
PCI Perspectives
V
Visual Studio Blog
博客园 - 聂微东
有赞技术团队
有赞技术团队
酷 壳 – CoolShell
酷 壳 – CoolShell

OpenStack - Recent changes [en]

Security Notes - OpenStack OSSN/OSSN-0098 - OpenStack User:ZlixnupTop - OpenStack OpenStack OpenStack Meetings/InfraTeamMeeting - OpenStack User:Jibzfloopgraip - OpenStack OpenStack OpenStack OpenStack OpenStack OpenStack User:Normanroppy - OpenStack OpenStack OpenStack OpenStack OpenStack OpenStack OpenStack OpenStack OpenStack OpenStack OpenStack Difference between revisions of "Meetings/QATeamMeeting" OpenStack Difference between revisions of "CinderMeetings" OpenStack OpenStack OpenStack User:Mufftroxkeere - OpenStack OpenStack 错误 - OpenStack User talk:Normanamoup - OpenStack User:Normanamoup - OpenStack OpenStack OpenStack OpenStack User:Vernonclife - OpenStack User:ForloveBlics - OpenStack User:RobertFap - OpenStack User:Victorbam - OpenStack User:Wompvlimdiaks - OpenStack User:EliseRose - OpenStack “Post quantum openstack”的版本间的差异 - OpenStack User:DonaldJog - OpenStack StarlingX/Containers/Applications/HowToAddNewFluxCDAppInSTX - OpenStack User:Vincentthern - OpenStack User:Robertaided - OpenStack Difference between revisions of "Meetings/InfraTeamMeeting" CinderHibiscusPTGSummary - OpenStack Difference between revisions of "CinderHibiscusPTGSummary" Difference between revisions of "Edge Computing Group" Difference between revisions of "Meetings/Nova" Difference between revisions of "Meetings/NeutronDrivers" “Python Client Library (Marconi)”的版本间的差异 - OpenStack Python Client Library (Marconi) - OpenStack User:JamesCence - OpenStack “StarlingX/Releases”的版本间的差异 - OpenStack “Operations/Meetups”的版本间的差异 - OpenStack “Edge Computing Group”的版本间的差异 - OpenStack User:Doramaland axola - OpenStack User:Josephhek - OpenStack User:CharlesDrapy - OpenStack User:DonaldNax - OpenStack User:Charlesjet - OpenStack User:Marioraith - OpenStack User:GustavoAburf - OpenStack “Technical Committee Tracker”的版本间的差异 - OpenStack Technical Committee Tracker - OpenStack User:HaroldNow - OpenStack User:Antoniobag - OpenStack User:Esmeraldosixq - OpenStack User:RonniAbimi - OpenStack “OSSN/OSSN-0095”的版本间的差异 - OpenStack OSSN/OSSN-0095 - OpenStack “Security Notes”的版本间的差异 - OpenStack Security Notes - OpenStack User:SoniaTed - OpenStack User:Theresalag - OpenStack User:MarieNeumn - OpenStack User:FrancesAdate - OpenStack User:JacobReaft - OpenStack User:DanielHoutt - OpenStack User:Jesseedism - OpenStack User:Esmeraldosnxi - OpenStack User:ScottLat - OpenStack User:Gribmookmaync - OpenStack User:Esmeraldoshjp - OpenStack “Manila/Meetings”的版本间的差异 - OpenStack User:Esmeraldostbd - OpenStack User:Esmeraldosfrt - OpenStack “Meetings/QATeamMeeting”的版本间的差异 - OpenStack User:Grobsnobwef - OpenStack User:Esmeraldosjoy - OpenStack User:SwhegrRib - OpenStack “ThirdPartySystems”的版本间的差异 - OpenStack “Manila”的版本间的差异 - OpenStack User:Jameswhend - OpenStack “Network/Meetings”的版本间的差异 - OpenStack “Swift/Etherpads”的版本间的差异 - OpenStack
“OSSN/OSSN-0100”的版本间的差异 - OpenStack
Jay Faulkner · 2026-06-17 · via OpenStack - Recent changes [en]
(未显示同一用户的1个中间版本)
第1行: 第1行:

Command Injection in IPA via chroot Execution of Tenant-Controlled binaries

+

= OSSN-0100 =

---

+

== Command Injection in IPA via chroot Execution of Tenant-Controlled binaries ==

  
 

=== Summary ===

 

=== Summary ===

第80行: 第80行:
  
 

This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0100

 

This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0100

 +
 

Original Launchpad bug: https://bugs.launchpad.net/ironic-python-agent/+bug/2148310

 

Original Launchpad bug: https://bugs.launchpad.net/ironic-python-agent/+bug/2148310

 +
 

Mailing List : [security-sig] tag on openstack-discuss@lists.openstack.org

 

Mailing List : [security-sig] tag on openstack-discuss@lists.openstack.org

 +
 

OpenStack Security : https://security.openstack.org/

 

OpenStack Security : https://security.openstack.org/

 +
 

CVE: CVE-2026-43003

 

CVE: CVE-2026-43003


2026年6月16日 (二) 22:07的最新版本

目录

  • 1 OSSN-0100
    • 1.1 Command Injection in IPA via chroot Execution of Tenant-Controlled binaries
      • 1.1.1 Summary
      • 1.1.2 Affected Services / Software
      • 1.1.3 Discussion
      • 1.1.4 Recommended Actions
        • 1.1.4.1 Patches
          • 1.1.4.1.1 Ironic
          • 1.1.4.1.2 Ironic Python Agent
      • 1.1.5 Credits
      • 1.1.6 Contacts / References

OSSN-0100

Command Injection in IPA via chroot Execution of Tenant-Controlled binaries

Summary

Tuomo Tanskanen (Ericsson Software Technology) and Dmitry Tantsur (Red Hat) from the Metal3.io Security Team reported a vulnerability in Ironic Python Agent (IPA) when deploying a partition image that lacks boot artifacts. A malicious partition image can include crafted grub-install binary or other arbitrary binaries in the chroot path which IPA executes on the provisioning network host. This affects all partition images that require Ironic to manage the bootloader installation (BIOS-booted nodes without boot artifacts).

The practical impact is limited; the attacker needs the ability to supply a partition image for bare-metal deployment and at the point of exploitation, IPA holds only an outdated agent_token and a heavily redacted node object.

Whole disk images are not affected and partition images that include their own EFI boot artifacts at /boot and /efi are also not affected as Ironic copies them without executing grub-install.

Affected Services / Software

  • ironic: <29.0.6, >=30.0.0 <32.0.2, >=33.0.0 <35.0.2, >=36.0.0 <37.0.0
  • ironic-python-agent: <10.2.3, >=11.0.0 <11.2.1, >=11.3.0 <11.5.1

Discussion

As it is not feasible to secure execution of a bootloader install binary due to technical limitations, the Ironic team has chosen to make this feature optional and disabled by default in the current development version.

Backported versions of this change do not enable this restriction by default to avoid breaking existing installations.

The vulnerable code path has existed for the entirety of the history of Ironic Python Agent, however, there are safeguards in place to prevent escalation of privileges from the provisioning network. Additionally, prior to Ironic 17.0.0, only cloud administrators could supply images for deployment, limiting the impact of this issue.

Recommended Actions

Apply the provided Ironic and Ironic-Python-Agent patches.

Evaluate your use cases; flip ``CONF.agent.enable_bios_bootloader_install`` to ``False`` on Ironic conductors once confirming you are not using any partition images relying on a bootloader installation.

Patches

The following reviews contain the fix for this issue:

Ironic
Ironic Python Agent

Credits

Dmitry Tantsur, Red Hat Tuomo Tanskanen, Ericsson Software Technology Metal3.io Security Team

Contacts / References

Authors:

  • Jay Faulkner, G-Research Open Source Software (GR-OSS)

This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0100

Original Launchpad bug: https://bugs.launchpad.net/ironic-python-agent/+bug/2148310

Mailing List : [security-sig] tag on openstack-discuss@lists.openstack.org

OpenStack Security : https://security.openstack.org/

CVE: CVE-2026-43003