ID CVE-2013-6437
Summary The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.
References
Vulnerable Configurations
  • cpe:2.3:a:openstack:nova:2013.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1:milestone1:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 16-11-2018 - 14:55)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2014:0231
rpms
  • openstack-nova-0:2013.2.2-2.el6ost
  • openstack-nova-api-0:2013.2.2-2.el6ost
  • openstack-nova-cells-0:2013.2.2-2.el6ost
  • openstack-nova-cert-0:2013.2.2-2.el6ost
  • openstack-nova-common-0:2013.2.2-2.el6ost
  • openstack-nova-compute-0:2013.2.2-2.el6ost
  • openstack-nova-conductor-0:2013.2.2-2.el6ost
  • openstack-nova-console-0:2013.2.2-2.el6ost
  • openstack-nova-doc-0:2013.2.2-2.el6ost
  • openstack-nova-network-0:2013.2.2-2.el6ost
  • openstack-nova-novncproxy-0:2013.2.2-2.el6ost
  • openstack-nova-objectstore-0:2013.2.2-2.el6ost
  • openstack-nova-scheduler-0:2013.2.2-2.el6ost
  • python-nova-0:2013.2.2-2.el6ost
refmap via4
confirm https://bugs.launchpad.net/nova/+bug/1253980
mlist [openstack-announce] 20131218 [OSSA 2013-037] Nova compute DoS through ephemeral disk backing files (CVE-2013-6437)
Last major update 16-11-2018 - 14:55
Published 06-03-2014 - 15:55
Last modified 16-11-2018 - 14:55