CVE-2013-1838

Openstack Essex < 12.0.0a0 - Resource Management Error

Title source: rule

Description

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

References (14)

[Third Party Advisory, VDB Entry] http://osvdb.org/91303

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0709.html

[Vendor Advisory] http://secunia.com/advisories/52580

[Vendor Advisory] http://secunia.com/advisories/52728

[Various Sources] http://ubuntu.com/usn/usn-1771-1

[Issue Tracking] https://bugs.launchpad.net/nova/+bug/1125468

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=919648

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/82877

[Various Sources] https://lists.launchpad.net/openstack/msg21892.html

[Various Sources] https://review.openstack.org/#/c/24451/

[Various Sources] https://review.openstack.org/#/c/24452/

[Various Sources] https://review.openstack.org/#/c/24453/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/58492

[Mailing List] http://www.openwall.com/lists/oss-security/2013/03/14/18

Scores

EPSS 0.0143

EPSS Percentile 80.4%

Classification

CWE

CWE-399

Status draft

Affected Products (7)

openstack/essex

openstack/folsom

openstack/grizzly

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

pypi/nova < 12.0.0a0PyPI

Timeline

Published Mar 22, 2013

Tracked Since Feb 18, 2026