[Openstack-security] [Bug 1862050] Re: Race condition while allocating floating IPs
Nick Tait 1862050 at bugs.launchpad.net
Wed Mar 18 22:18:46 UTC 2020

C1 seems appropriate as the risk is not inherent to all deployments and
there are multiple ways to prevent/mitigate where needed.
-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1862050
Title:
  Race condition while allocating floating IPs
Status in neutron:
  New
Status in OpenStack Security Advisory:
  Won't Fix
Bug description:
  I work as a penetration tester. In one of our last projects our team
  encountered a problem in OpenStack. We are not sure whether to
  consider this an OpenStack security vulnerability. Hope you could
  clarify things for us.
  We were testing race condition vulnerabilities on resources that have a limit per project, for example the number of floating IPs.
  The idea is to make the backend server receive a lot of identical requests at the same moment, and because the server has to process all of them simultaneously we could get a situation where the limits are not checked properly.
  Sending 500 requests (each in an individual thread) directly to the
  Neutron API for allocating floating IPs resulted in exceeding the IP
  limit by 4 times.
  Request example:
  POST /v2.0/floatingips HTTP/1.1
  Host: ...
  X-Auth-Token: ...
  Content-Type: application/json
  Content-Length: 103
  {
      "floatingip": {
          "floating_network_id": "..."
      }
  }
  Is it a known OpenStack behavior or is it more like a hardware
  problem?
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1862050/+subscriptions
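
The check-then-write race the report describes, as an added example that is not part of the original message and is not Neutron's code: a toy in-process quota model showing the unguarded limit check overshooting and the same check inside one critical section holding the limit. The Project class, QUOTA, REQUESTS and the 203.0.113.x addresses are constructed for illustration.

```python
import threading

QUOTA = 5       # constructed per-project floating IP limit
REQUESTS = 20   # constructed number of simultaneous allocation requests

class QuotaExceeded(Exception):
    pass

class Project:
    def __init__(self, quota):
        self.quota = quota
        self.floating_ips = []          # stands in for the project's IP rows
        self._lock = threading.Lock()

    def allocate_racy(self, ip, after_check):
        # Check-then-act: the count is read now, the row is written later.
        if len(self.floating_ips) >= self.quota:
            raise QuotaExceeded(ip)
        after_check()  # window in which other requests run the same check
        self.floating_ips.append(ip)

    def allocate_atomic(self, ip):
        # Check and write share one critical section: no stale count.
        with self._lock:
            if len(self.floating_ips) >= self.quota:
                raise QuotaExceeded(ip)
            self.floating_ips.append(ip)

def simulate(atomic):
    """Return how many IPs are allocated after REQUESTS parallel calls."""
    project = Project(QUOTA)
    # Barrier forces the worst case: every check completes before any write.
    all_checked = threading.Barrier(REQUESTS)
    def worker(i):
        ip = f"203.0.113.{i + 1}"  # constructed, documentation range
        try:
            if atomic:
                project.allocate_atomic(ip)
            else:
                project.allocate_racy(ip, all_checked.wait)
        except QuotaExceeded:
            pass  # request rejected for being over quota

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(REQUESTS)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(project.floating_ips)
```

In a multi-worker API service the critical section has to live in shared state such as the database, since an in-process lock does not span workers.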