OpenStack Security Advisory: 2014-038 CVE: CVE-2014-3708 Date: October 28, 2014 Title: Nova network DoS through API filtering Reporter: Mohammed Naser (Vexxhost) Products: Nova Versions: up to 2014.1.3, and 2014.2 Description: Mohammed Naser from Vexxhost reported a vulnerability in Nova API filters. By listing active servers using an ip filter, an authenticated user may overload nova-network or neutron-server process, resulting in a denial of services. All Nova setups are affected. Kilo (development branch) fix: https://review.openstack.org/131460 Juno fix: https://review.openstack.org/131462 Icehouse fix: https://review.openstack.org/131461 Notes: This fix will be included in future 2014.1.4 and 2014.2.1 releases. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708 https://launchpad.net/bugs/1358583 --· Tristan Cacqueray OpenStack Vulnerability Management Team