Local Denial of Service Vulnerability in OpenStack Compute by OpenStack
CVE-2013-4469

Currently unrated

Key Information:

Vendor
Openstack
Status
Havana
Grizzly
Folsom
Vendor
CVE Published:
2 November 2013

Summary

In OpenStack Compute (Nova) versions Folsom, Grizzly, and Havana, a vulnerability arises when the configuration option 'use_cow_images' is disabled. The system fails to verify the virtual size of QCOW2 images, enabling local users to transfer images with large virtual sizes that don't contain a corresponding amount of data. This can lead to significant disruption by consuming host filesystem disk space, which may result in denial of service conditions.

References

https://bugs.launchpad.net/nova/+bug/1206081
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2013/10/31/3
mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-2247-1
vendor-advisoryx_refsource_UBUNTU

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.