Denial of Service Vulnerability in OpenStack Compute by Canonical
CVE-2013-1838

Currently unrated

Key Information:

Vendor: Openstack
Status: Essex; Folsom; Grizzly
Vendor: CVE Published:; 22 March 2013

Summary

OpenStack Compute (Nova) versions Grizzly, Folsom, and Essex fail to adequately enforce quotas on fixed IPs. This weakness allows remote authenticated users to overwhelm the system by invoking the addFixedIp function excessively. As a result, the resource exhaustion leads to service disruption, preventing the spawning of new instances and impacting overall system availability.

References

https://lists.launchpad.net/openstack/msg21892.html

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/58492

vdb-entryx_refsource_BID

https://bugs.launchpad.net/nova/+bug/1125468

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 22, 2013
Vulnerability Reserved
Feb 19, 2013