[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253562

 
 

909

 
 

197267

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-1838Date: (C)2013-03-23   (M)2023-12-22


OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 8.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-52580
SECUNIA-52728
BID-58492
OSVDB-91303
RHSA-2013:0709
USN-1771-1
https://lists.launchpad.net/openstack/msg21892.html
http://www.openwall.com/lists/oss-security/2013/03/14/18
https://bugs.launchpad.net/nova/+bug/1125468
https://bugzilla.redhat.com/show_bug.cgi?id=919648
https://review.openstack.org/#/c/24451/
https://review.openstack.org/#/c/24452/
https://review.openstack.org/#/c/24453/
nova-fixedips-dos(82877)

CPE    5
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
cpe:/a:openstack:folsom:2012.2
cpe:/a:openstack:essex:2012.1
cpe:/o:canonical:ubuntu_linux:12.10
...
CWE    1
CWE-399
OVAL    1
oval:org.secpod.oval:def:701225

© SecPod Technologies