Date: Wed, 18 Dec 2013 17:01:48 +0100
From: Thierry Carrez <thierry@...nstack.org>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: [OSSA 2013-037] Nova compute DoS through ephemeral disk backing files (CVE-2013-6437)

OpenStack Security Advisory: 2013-037
CVE: CVE-2013-6437
Date: December 18, 2013
Title: Nova compute DoS through ephemeral disk backing files
Reporter: Phil Day (HP)
Products: Nova
Affects: All supported versions

Description:
Phil Day from HP reported a vulnerability in the libvirt driver handling
of ephemeral disk backing files on Nova compute nodes. By repeatedly
creating snapshots, changing the os_type to a new random value, and
spawning new instances from the snapshot (and quickly deleting those
instances), an authenticated user could generate lots of different
ephemeral disk backing files and fill up compute node disks, potentially
resulting in a Denial of Service against a Nova setup. Only Nova setups
running the libvirt driver are affected.

Icehouse (development branch) fix:
https://review.openstack.org/62910

Havana fix:
https://review.openstack.org/62912

Grizzly fix:
https://review.openstack.org/62913

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6437
https://bugs.launchpad.net/nova/+bug/1253980

Regards,

-- 
Thierry Carrez
OpenStack Vulnerability Management Team
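
A defender-side check for the condition the advisory describes, added here as an example and not part of the original advisory or of Nova: it counts distinct ephemeral backing-file variants per disk size on a compute node and flags unusual fan-out. The filename pattern ephemeral_<size>_<suffix>, the threshold and the sample listing are assumptions to adjust for your deployment.

```python
import os
import re
from collections import defaultdict

# Assumption: ephemeral backing files are named ephemeral_<size_gb>_<suffix>,
# where <suffix> is derived from the image's os_type property.
EPHEMERAL_RE = re.compile(r"^ephemeral_(?P<size_gb>\d+)_(?P<suffix>.+)$")


def audit_backing_files(entries, max_variants=4):
    """Flag disk sizes that have more than max_variants distinct suffixes.

    entries: iterable of (filename, bytes_on_disk) from the backing-file
    directory. Returns {size_gb: {"variants": [...], "bytes": total}}.
    """
    by_size = defaultdict(lambda: {"variants": set(), "bytes": 0})
    for name, nbytes in entries:
        m = EPHEMERAL_RE.match(name)
        if not m:
            continue  # root disk images, swap files, etc. are out of scope
        bucket = by_size[int(m.group("size_gb"))]
        bucket["variants"].add(m.group("suffix"))
        bucket["bytes"] += nbytes
    return {
        size: {"variants": sorted(b["variants"]), "bytes": b["bytes"]}
        for size, b in by_size.items()
        if len(b["variants"]) > max_variants
    }


def scan_directory(path, max_variants=4):
    """Run the audit on a directory; the path is supplied by the operator."""
    entries = []
    with os.scandir(path) as it:
        for e in it:
            if e.is_file(follow_symlinks=False):
                # st_blocks is in 512-byte units, so sparse files count as allocated
                entries.append((e.name, e.stat(follow_symlinks=False).st_blocks * 512))
    return audit_backing_files(entries, max_variants)


# Constructed sample listing: two ordinary variants for 20 GB disks, unrelated
# files, then 25 random-looking variants for 10 GB disks.
SAMPLE = [("ephemeral_20_default", 1 << 20), ("ephemeral_20_linux", 1 << 20),
          ("swap_512", 1 << 20), ("3f2a9c", 5 << 20)]
SAMPLE += [("ephemeral_10_x%04d" % i, 1 << 20) for i in range(25)]

if __name__ == "__main__":
    for size, info in audit_backing_files(SAMPLE).items():
        print(f"{size} GB: {len(info['variants'])} variants, {info['bytes']} bytes")
```

A flagged size is a prompt to correlate with instance create/delete activity for the owning tenant, not proof of abuse on its own.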