[Openstack] [OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185)

Jeremy Stanley jeremy at openstack.org
Tue Aug 6 15:04:43 UTC 2013

OpenStack Security Advisory: 2013-020
CVE: CVE-2013-4185
Date: August 6, 2013
Title: Denial of Service in Nova network source security groups
Reporter: Vishvananda Ishaya (Nebula)
Products: Nova
Affects: All versions

Vishvananda Ishaya from Nebula reported a denial of service
vulnerability in Nova's handling of network source security group
policy updates. By performing a large number of server creation
operations, the proportion of updates increases quadratically and
may overwhelm nova-network such that it is no longer able to service
other requests in a timely fashion. Only setups relying on
nova-network are affected.

Havana (development branch) fix:

Grizzly fix:

Folsom fix:

This fix will be included in the havana-3 development milestone and
in a future 2013.1.3 release.


Jeremy Stanley
OpenStack Vulnerability Management Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130806/58dc4e51/attachment.sig>

More information about the Openstack mailing list