CVE-2013-2096 - OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 ima

CVE-2013-2096

Summary

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.

References

Vulnerable Configurations

cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 08-01-2014 - 04:37)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	59924
confirm	https://review.openstack.org/#/c/28717/ https://review.openstack.org/#/c/28901/ https://review.openstack.org/#/c/29192/
mlist	[openstack-announce] 20130516 [OSSA 2013-012] Nova fails to verify image virtual size (CVE-2013-2096)
ubuntu	USN-1831-1

Last major update

08-01-2014 - 04:37

Published

09-07-2013 - 17:55

Last modified

08-01-2014 - 04:37