Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 28 Oct 2014 12:13:03 -0400
From: Tristan Cacqueray <>
Subject: [OSSA 2014-038] Nova network DoS through API filtering (CVE-2014-3708)

OpenStack Security Advisory: 2014-038
CVE: CVE-2014-3708
Date: October 28, 2014
Title: Nova network DoS through API filtering
Reporter: Mohammed Naser (Vexxhost)
Products: Nova
Versions: up to 2014.1.3, and 2014.2

Mohammed Naser from Vexxhost reported a vulnerability in Nova API
filters. By listing active servers using an ip filter, an authenticated
user may overload nova-network or neutron-server process, resulting in a
denial of services. All Nova setups are affected.

Kilo (development branch) fix:

Juno fix:

Icehouse fix:

This fix will be included in future 2014.1.4 and 2014.2.1 releases.


Tristan Cacqueray
OpenStack Vulnerability Management Team

Download attachment "signature.asc" of type "application/pgp-signature" (539 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ