Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 18 Dec 2013 17:01:48 +0100
From: Thierry Carrez <thierry@...nstack.org>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: [OSSA 2013-037] Nova compute DoS through ephemeral disk backing files
 (CVE-2013-6437)

OpenStack Security Advisory: 2013-037
CVE: CVE-2013-6437
Date: December 18, 2013
Title: Nova compute DoS through ephemeral disk backing files
Reporter: Phil Day (HP)
Products: Nova
Affects: All supported versions

Description:
Phil Day from HP reported a vulnerability in the libvirt driver handling
of ephemeral disk backing files on Nova compute nodes. By repeatedly
creating snapshots, changing the os_type to a new random value, and
spawning new instances from the snapshot (and quickly deleting those
instances), an authenticated user could generate lots of different
ephemeral disk backing files and fill up compute node disks, potentially
resulting in a Denial of Service against a Nova setup. Only Nova setups
running the libvirt driver are affected.

Icehouse (development branch) fix:
https://review.openstack.org/62910

Havana fix:
https://review.openstack.org/62912

Grizzly fix:
https://review.openstack.org/62913

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6437
https://bugs.launchpad.net/nova/+bug/1253980

Regards,

-- 
Thierry Carrez
OpenStack Vulnerability Management Team


Download attachment "signature.asc" of type "application/pgp-signature" (902 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.