CVE-2013-4185
Published: 07 August 2013
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
Priority
Status
Package | Release | Status |
---|---|---|
nova (Launchpad, Ubuntu, Debian) | Upstream | Released (1:2013.2~rc2) |
nova | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (1:2013.2~rc2-0ubuntu1) |

Patches:
- Upstream: https://review.openstack.org/39541 (havana)
- Upstream: https://review.openstack.org/39543 (grizzly)
- Upstream: https://review.openstack.org/39544 (folsom)
Notes
Author | Note |
---|---|
jdstrand | Ubuntu 13.04 has fix in raring-updates |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4185
- http://marc.info/?l=oss-security&m=137580153109232&w=2
- https://usn.ubuntu.com/usn/usn-2000-1
- NVD
- Launchpad
- Debian