Denial of Service Vulnerability in OpenStack Nova Scheduler
CVE-2012-3371

Currently unrated

Key Information:

Vendor: Openstack
Status: Compute; Essex; Folsom
Vendor: CVE Published:; 17 July 2012

Summary

The Nova scheduler in OpenStack Compute is susceptible to a denial of service attack when specific filters are applied. This vulnerability allows remote authenticated users to exploit the system by sending requests containing numerous repeated IDs in the os:scheduler_hints section, resulting in excessive database lookup calls and potential server hang, impacting the overall performance of the system.

References

http://www.securityfocus.com/bid/54388

vdb-entryx_refsource_BID

https://lists.launchpad.net/openstack/msg14452.html

mailing-listx_refsource_MLIST

https://bugs.launchpad.net/nova/+bug/1017795

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 17, 2012
Vulnerability Reserved
Jun 14, 2012