Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3371

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2012-3371
Last Modified 24 Aug 2012 12:00:00
Published 17 Jul 2012 05:55:02
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-3371

Summary

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

Vulnerable Systems

Application

  • Openstack Compute 2012.2

  • Openstack Essex 2012.1

  • Openstack Folsom 2012.2


References

MLIST - [openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)

CONFIRM - https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d

CONFIRM - https://bugs.launchpad.net/nova/+bug/1017795

UBUNTU - USN-1501-1

BID - 54388

MLIST - [oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)


Last Updated: 27 May 2016 10:54:54