CVE-2013-4469 - OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not

CVE-2013-4469

Summary

OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.

References

Vulnerable Configurations

cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*

CVSS

Base:	1.9 (as of 13-02-2023 - 04:46)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:N/I:N/A:P

refmap via4

confirm	https://bugs.launchpad.net/nova/+bug/1206081
mlist	[oss-security] 20131031 [OSSA 2013-029] Potential Nova denial of service through compressed disk images (CVE-2013-4463, CVE-2013-4469)
ubuntu	USN-2247-1

Last major update

13-02-2023 - 04:46

Published

02-11-2013 - 18:55

Last modified

13-02-2023 - 04:46