[OSSA 2013-023] Denial of Service using XML entities in Nova/Cinder extensions (CVE-2013-4179, CVE-2013-4202)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenStack Security Advisory: 2013-023
CVE: CVE-2013-4179, CVE-2013-4202
Date: August 8, 2013
Title: Denial of Service using XML entities in Nova/Cinder extensions
Reporter: Grant Murphy (Red Hat)
Products: Nova, Cinder
Affects: Grizzly and later

Description:
Grant Murphy from Red Hat reported that vulnerabilities in XML request
parsers were not fully patched in OSSA 2013-004. By leveraging XML entity
expansion in specific extensions, an unauthenticated attacker may still
consume excessive resources on the Nova (CVE-2013-4179) or Cinder
(CVE-2013-4202) API servers, resulting in a denial of service and
potentially a crash. Only Nova setups making use of the security group
extension in Grizzly are affected. Only Cinder setups making use of the
backups or volume transfer API extension in Grizzly are affected.

Havana (development branch) fixes:
Nova: https://review.openstack.org/40879
Cinder: https://review.openstack.org/40881

Grizzly fixes:
Nova: https://review.openstack.org/40880
Cinder: https://review.openstack.org/40883

Note:
The Nova and Cinder Grizzly fixes will be included in the upcoming
2013.1.3 stable release.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4202
https://launchpad.net/bugs/1190229

Regards,

- --
Thierry Carrez
OpenStack Vulnerability Management Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCAAGBQJSA8K6AAoJEFB6+JAlsQQj05EP/Rq9FXVZJCNfXgCBEpeSgrh/
kaglidx9JMqnvxJd92M+KFHZrZgBazwH9ZwsD1i4zs64XP1KH2UbvXzlwfaCb3M0
5/9cbqocyHJAeOFpYPvQCz/TmsHVH7CgftNL474AGixyTXfaH745/zveABNIYhou
aEpq3CxHOcNycCuPYj4FgcXZ7lf8Eu7vaVsNhXmk/qgWo+l6N4LYznHf6UxHMnHf
fB7+ZcjMCZtfZHO/9LRmROiprHHX9CprWtTZX+RUNjTa38VzyEetXG50zCEIiI/S
wsxAUSOA6tremYLeuNXZwRawLdpolzvhEt04GITa7AC8udnjXkvHyA1VUcAtysMT
SP5abGWdKMibSVwOmJ6+YLVMMXpTn9ww5LD2yJrcRy+xXyD9k2ofq8VMY9P/DJ2w
kEEEQaMtmmqYqoVZc/rLRjBNiGgvD58hxYtLEVMShgbkduAUgfWmBnsZ7zgbzY9X
ZDUN3wYkEQk6UZepa4g4mIjTFM0PkqXNoCOl8q7xNpLNYpmbF5rheIeE1HjIglGq
hbCWzxDJZtKjvd2MqtYlZGfTgjpPA6tEDC3vto8nfsHQqvZUxv/OKg6KSCIq/6UA
wxUD952GPmhImN+UVYiFMuNufufb0EI/EkVsmPJm54siOeq/ZOYvEc44M6K++7ve
3MySqda3xPZMaZn8KTFz
=XFeJ
-----END PGP SIGNATURE-----
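The bug class behind this advisory, as an added example that is not code from the advisory, from Nova or from Cinder: a nested internal-entity document ("billion laughs") handed to Python's stock minidom.parseString is declared and fully expanded, so a few hundred bytes of request body become kilobytes (or, with more depth, gigabytes) of text before any request routing happens. The hardened parser beside it subclasses the SAX expat reader and raises as soon as a DOCTYPE or entity declaration is seen, so nothing is ever expanded, whatever amplification limits the local libexpat may or may not have. The names build_laughs, text_of, unsafe_parse, ProtectedExpatParser, safe_parse and rejects are this example's own, and the payload and the "volume" document are constructed sample input, not captured traffic.

```python
"""Entity-expansion DoS against an XML request parser, and a parser that
refuses DTD and entity declarations up front.  Added example, not project
code; every name here is this example's own."""
from xml.dom import minidom
from xml.sax import expatreader


def build_laughs(depth, fanout=10):
    """Construct a nested-entity payload (constructed sample input): entity
    lolN references lol(N-1) `fanout` times, so the root element expands to
    3 * fanout**depth characters of text from a few hundred bytes of input."""
    decls = ['<!ENTITY lol0 "lol">']
    for i in range(1, depth + 1):
        refs = ("&lol%d;" % (i - 1)) * fanout
        decls.append('<!ENTITY lol%d "%s">' % (i, refs))
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n%s\n]>\n<lolz>&lol%d;</lolz>'
            % ("\n".join(decls), depth))


def text_of(doc):
    """Concatenate the text nodes directly under the document element."""
    root = doc.documentElement
    return "".join(n.data for n in root.childNodes if n.nodeType == n.TEXT_NODE)


def unsafe_parse(xml_string):
    """The vulnerable pattern: stock minidom declares and expands every entity,
    paying the memory and CPU cost before the request body is even looked at."""
    return minidom.parseString(xml_string)


class ProtectedExpatParser(expatreader.ExpatParser):
    """SAX expat reader whose declaration callbacks abort the parse.  A DOCTYPE
    or <!ENTITY> is rejected at declaration time, so no expansion ever runs."""

    def __init__(self, forbid_dtd=True, forbid_entities=True, *args, **kwargs):
        expatreader.ExpatParser.__init__(self, *args, **kwargs)
        self.forbid_dtd = forbid_dtd
        self.forbid_entities = forbid_entities

    def start_doctype_decl(self, name, sysid, pubid, has_internal_subset):
        raise ValueError("inline DTD forbidden")

    def entity_decl(self, name, is_parameter_entity, value, base, sysid,
                    pubid, notation_name):
        raise ValueError("<!ENTITY> declaration forbidden")

    def unparsed_entity_decl(self, name, base, sysid, pubid, notation_name):
        raise ValueError("<!ENTITY> declaration forbidden")

    def external_entity_ref(self, context, base, sysid, pubid):
        raise ValueError("external entity reference forbidden")

    def reset(self):
        # The base class builds a fresh expat parser here; hook it immediately.
        expatreader.ExpatParser.reset(self)
        if self.forbid_dtd:
            self._parser.StartDoctypeDeclHandler = self.start_doctype_decl
        if self.forbid_entities:
            self._parser.EntityDeclHandler = self.entity_decl
            self._parser.UnparsedEntityDeclHandler = self.unparsed_entity_decl
            self._parser.ExternalEntityRefHandler = self.external_entity_ref


def safe_parse(xml_string, forbid_dtd=True):
    """Drop-in for minidom.parseString on request bodies.  Takes str, not
    bytes, because minidom routes a custom parser through pulldom's StringIO."""
    return minidom.parseString(xml_string,
                               ProtectedExpatParser(forbid_dtd=forbid_dtd))


def rejects(xml_string, **kwargs):
    """True if safe_parse refuses the document."""
    try:
        safe_parse(xml_string, **kwargs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = build_laughs(3)
    print("payload bytes:", len(payload))
    print("expanded text chars (unsafe_parse):", len(text_of(unsafe_parse(payload))))
    print("rejected by safe_parse:", rejects(payload))
    benign = '<volume name="vol-1"><description>ok</description></volume>'
    print("benign root element:", safe_parse(benign).documentElement.tagName)
```

Depth 3 with fanout 10 is deliberately small (3,000 characters from about 300 bytes of input) so the vulnerable path finishes instantly; raising depth by one multiplies the expansion by ten, which is the whole point of the attack. The ValueError is raised inside an expat callback, so it aborts the parse at the first declaration and propagates straight out of parseString; an API server would map it to a 400 rather than letting the request reach the extension's handler.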