CVE-2013-1838 - OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a

CVE-2013-1838

Summary

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. Per http://www.ubuntu.com/usn/usn-1771-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10"

References

Vulnerable Configurations

cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 29-08-2017 - 01:33)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

redhat via4

advisories

rhsa

id	RHSA-2013:0709

rpms

openstack-nova-0:2012.2.3-7.el6ost
openstack-nova-api-0:2012.2.3-7.el6ost
openstack-nova-cert-0:2012.2.3-7.el6ost
openstack-nova-common-0:2012.2.3-7.el6ost
openstack-nova-compute-0:2012.2.3-7.el6ost
openstack-nova-console-0:2012.2.3-7.el6ost
openstack-nova-doc-0:2012.2.3-7.el6ost
openstack-nova-network-0:2012.2.3-7.el6ost
openstack-nova-objectstore-0:2012.2.3-7.el6ost
openstack-nova-scheduler-0:2012.2.3-7.el6ost
openstack-nova-volume-0:2012.2.3-7.el6ost
python-nova-0:2012.2.3-7.el6ost

refmap via4

bid	58492
confirm	https://bugs.launchpad.net/nova/+bug/1125468 https://review.openstack.org/#/c/24451/ https://review.openstack.org/#/c/24452/ https://review.openstack.org/#/c/24453/
misc	https://bugzilla.redhat.com/show_bug.cgi?id=919648
mlist	[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838) [oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)
osvdb	91303
secunia	52580 52728
ubuntu	USN-1771-1
xf	nova-fixedips-dos(82877)

Last major update

29-08-2017 - 01:33

Published

22-03-2013 - 21:55

Last modified

29-08-2017 - 01:33