[Openstack-security] [Bug 1227575] Re: DoS style attack onnoVNCserver can lead to service interruption or disruption
Nathan Kinder
nkinder at redhat.com
Sun Mar 9 17:02:56 UTC 2014
On 03/08/2014 08:05 PM, Sriram Subramanian wrote:
> I'll make those corrections, thanks Rob.
I've already taken care of it and have published the completed OSSN to
the mailing lists and the wiki.
Thanks,
-NGK
> ------------------------------------------------------------------------
> From: Clark, Robert Graham <mailto:robert.clark at hp.com>
> Sent: 3/8/2014 12:51 PM
> To: Sriram Subramanian <mailto:sriram at sriramhere.com>; Bug 1227575
> <mailto:1227575 at bugs.launchpad.net>;
> openstack-security at lists.openstack.org
> <mailto:openstack-security at lists.openstack.org>
> Subject: RE: [Openstack-security] [Bug 1227575] Re: DoS style attack
> onnoVNCserver can lead to service interruption or disruption
>
> The OSSN looks great, but I think perhaps the summary could be tweaked
> to be a little shorter and maybe flow a little better…
>
>
>
> There is currently no limit to the number of noVNC or SPICE console
> sessions that can be established by a single user. The console host has
> limited resources and an attacker launching many sessions may be able to
> exhaust the available resources, resulting in a Denial of Service (DoS)
> condition.
>
>
>
> Other than that it’s hot-to-trot, as they say.
>
>
>
> -Rob
>
More information about the Openstack-security
mailing list