Nova DoS by allocating all Fixed IPs

2013.03.15

Credit: Thierry Carrez

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2013-1838

CWE: CWE-399

CVSS Base Score: 4/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8/10

Exploit range: Remote

Attack complexity: Low

Authentication: Single time

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

OpenStack Security Advisory: 2013-008
CVE: CVE-2013-1838
Date: March 14, 2013
Title: Nova DoS by allocating all Fixed IPs
Reporter: Vish Ishaya (Nebula)
Products: Nova
Affects: All versions

Description:
Vish Ishaya reported a vulnerability in Nova where there is no quota for
Fixed IPs. Previously the instance quota acted as a proxy for a Fixed IP
quota, but if your configuration allows an instance to consume more than
one Fixed IP via an extension such as multinic then this is no longer
true. Running out of Fixed IPs would result in not being able to spawn
new instances.

Grizzly (development branch) fix:
https://review.openstack.org/#/c/24451/

Folsom fix:
https://review.openstack.org/#/c/24452/

Essex fix:
https://review.openstack.org/#/c/24453/

References:
https://bugs.launchpad.net/nova/+bug/1125468
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1838

References:

https://review.openstack.org/#/c/24451/

http://seclists.org/oss-sec/2013/q1/662

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Nova DoS by allocating all Fixed IPs

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.