ID |
CVE-2013-1838
|
Summary |
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. Per http://www.ubuntu.com/usn/usn-1771-1/
"A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.10
Ubuntu 12.04 LTS
Ubuntu 11.10" |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
-
cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
-
cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
-
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.0 (as of 29-08-2017 - 01:33) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
SINGLE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
redhat
via4
|
advisories | | rpms | - openstack-nova-0:2012.2.3-7.el6ost
- openstack-nova-api-0:2012.2.3-7.el6ost
- openstack-nova-cert-0:2012.2.3-7.el6ost
- openstack-nova-common-0:2012.2.3-7.el6ost
- openstack-nova-compute-0:2012.2.3-7.el6ost
- openstack-nova-console-0:2012.2.3-7.el6ost
- openstack-nova-doc-0:2012.2.3-7.el6ost
- openstack-nova-network-0:2012.2.3-7.el6ost
- openstack-nova-objectstore-0:2012.2.3-7.el6ost
- openstack-nova-scheduler-0:2012.2.3-7.el6ost
- openstack-nova-volume-0:2012.2.3-7.el6ost
- python-nova-0:2012.2.3-7.el6ost
|
|
refmap
via4
|
bid | 58492 | confirm | | misc | https://bugzilla.redhat.com/show_bug.cgi?id=919648 | mlist | - [openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)
- [oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)
| osvdb | 91303 | secunia | | ubuntu | USN-1771-1 | xf | nova-fixedips-dos(82877) |
|
Last major update |
29-08-2017 - 01:33 |
Published |
22-03-2013 - 21:55 |
Last modified |
29-08-2017 - 01:33 |