Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1838

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2013-1838
Last Modified 04 Jun 2013 11:42:37
Published 22 Mar 2013 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-1838

Summary

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 12.10

Application

  • Openstack Essex 2012.1

  • Openstack Folsom 2012.2

  • Openstack Grizzly 2012.2


References

CONFIRM - https://review.openstack.org/#/c/24453/

CONFIRM - https://review.openstack.org/#/c/24452/

CONFIRM - https://review.openstack.org/#/c/24451/

MLIST - [openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=919648

CONFIRM - https://bugs.launchpad.net/nova/+bug/1125468

XF - nova-fixedips-dos(82877)

BID - 58492

MLIST - [oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)

UBUNTU - USN-1771-1

SECUNIA - 52728

SECUNIA - 52580

OSVDB - 91303

REDHAT - RHSA-2013:0709


Last Updated: 27 May 2016 10:51:57