OpenStack Security Advisory: 2013-008
CVE: CVE-2013-1838
Date: March 14, 2013
Title: Nova DoS by allocating all Fixed IPs
Reporter: Vish Ishaya (Nebula)
Products: Nova
Affects: All versions
Description:
Vish Ishaya reported a vulnerability in Nova where there is no quota for
Fixed IPs. Previously the instance quota acted as a proxy for a Fixed IP
quota, but if your configuration allows an instance to consume more than
one Fixed IP via an extension such as multinic then this is no longer
true. Running out of Fixed IPs would result in not being able to spawn
new instances.
Grizzly (development branch) fix:
https://review.openstack.org/#/c/24451/
Folsom fix:
https://review.openstack.org/#/c/24452/
Essex fix:
https://review.openstack.org/#/c/24453/
References:
https://bugs.launchpad.net/nova/+bug/1125468
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1838