Bug 1150461 (CVE-2014-7960)

Summary: CVE-2014-7960 openstack-swift: Swift metadata constraints are not correctly enforced
Product: [Other] Security Response
Reporter: Martin Prpič <mprpic>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: aavati, abaron, aortega, apevec, ayoung, chrisw, dallan, david, d.busby, derekh, gkotton, gmollett, itamar, jonathansteffan, jrusnack, lhh, lpeer, markmc, mmagr, nlevinki, rbryant, rfortier, rhs-bugs, sclewis, silas, sisharma, smohan, ssaha, vbellur, wmealing, yeylon, zaitcev
Target Milestone: ---
Target Release: ---
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Doc Text:
A flaw was found in the metadata constraints in OpenStack Object Storage (swift). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration.
Story Points: ---
Last Closed: 2015-07-29 06:05:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 1150782, 1150783, 1205517, 1205518
Bug Blocks: 1150464

Description Martin Prpič 2014-10-08 10:57:05 UTC
The following was reported to oss-sec:

Title: Swift metadata constraints are not correctly enforced
Reporter: Rajaneesh Singh
Products: Swift
Versions: up to 2.1.0

Description:
Rajaneesh Singh reported a vulnerability in Swift enforcement of
metadata constraints. By adding metadata in several separate calls,
an authenticated attacker can bypass the max_meta_count constraint,
potentially resulting in the storage of more metadata than allowed
in configuration.

References:
https://launchpad.net/bugs/1365350
http://seclists.org/oss-sec/2014/q4/205
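The following is an illustration added to this record, not OpenStack Swift's code and not the upstream fix. It contrasts the flaw class the report describes, a metadata-count check applied only to the headers of the request in hand so that metadata accumulates across calls, with a check on the merged result that holds across any number of requests. The max_meta_count value, the function names, the header prefix handling and the in-memory store are assumptions made for the example.

```python
"""Constructed illustration of the flaw class behind CVE-2014-7960: a
max_meta_count check applied only to the metadata headers of the request in
hand, so a client can exceed the limit by spreading metadata over several
POST calls.  Not OpenStack Swift's code; the constant value, function names,
header prefix handling and in-memory store are assumptions for this example."""

MAX_META_COUNT = 3                      # assumed small limit to keep the demo readable
META_PREFIX = "x-container-meta-"       # user metadata header prefix (Swift convention)


class TooManyMetadataItems(Exception):
    """Stands in for the HTTP 400 a server returns when the limit is exceeded."""


def _user_meta(headers):
    """Extract user metadata from request headers, case-insensitively."""
    return {k.lower(): v for k, v in headers.items()
            if k.lower().startswith(META_PREFIX)}


def _merge(existing, new):
    """Swift-style merge: new values override, an empty value deletes the key."""
    merged = dict(existing)
    merged.update(new)
    return {k: v for k, v in merged.items() if v != ""}


def post_metadata_vulnerable(store, headers):
    """Vulnerable pattern: only this request's metadata is counted, then the
    request is merged into what is already stored.  Every call carrying at most
    MAX_META_COUNT new keys passes, so the stored total grows without bound."""
    new = _user_meta(headers)
    if len(new) > MAX_META_COUNT:
        raise TooManyMetadataItems(f"{len(new)} > {MAX_META_COUNT}")
    merged = _merge(store, new)
    store.clear()
    store.update(merged)
    return store


def post_metadata_fixed(store, headers):
    """Hardened pattern: compute the metadata the request would leave behind
    and check that total, so the limit is enforced across calls while
    overwrites and deletions of existing keys remain possible."""
    new = _user_meta(headers)
    merged = _merge(store, new)
    if len(merged) > MAX_META_COUNT:
        raise TooManyMetadataItems(f"{len(merged)} > {MAX_META_COUNT}")
    store.clear()
    store.update(merged)
    return store


def demo():
    """Two POSTs of MAX_META_COUNT distinct keys each (constructed input).
    Returns (items stored by the vulnerable server, items stored by the fixed
    server, whether the fixed server rejected the second request)."""
    batch1 = {f"X-Container-Meta-A{i}": "v" for i in range(MAX_META_COUNT)}
    batch2 = {f"X-Container-Meta-B{i}": "v" for i in range(MAX_META_COUNT)}

    vuln_store = {}
    post_metadata_vulnerable(vuln_store, batch1)
    post_metadata_vulnerable(vuln_store, batch2)   # accepted; 2 * MAX_META_COUNT stored

    fixed_store = {}
    post_metadata_fixed(fixed_store, batch1)
    try:
        post_metadata_fixed(fixed_store, batch2)
        rejected = False
    except TooManyMetadataItems:
        rejected = True
    return len(vuln_store), len(fixed_store), rejected


if __name__ == "__main__":
    print(demo())   # (6, 3, True)
```

The point for a reviewer of any merge-then-store API is that a limit on a resource's total state has to be evaluated on the state the request produces, not on the request body alone; counting on the merged result also keeps deletions (empty values) from being penalised.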

Comment 2 Garth Mollett 2014-10-08 23:04:15 UTC
Created openstack-swift tracking bugs for this issue:

Affects: fedora-all [bug 1150782]

Comment 6 errata-xmlrpc 2015-04-16 13:59:35 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 6

Via RHSA-2015:0836 https://rhn.redhat.com/errata/RHSA-2015-0836.html

Comment 7 errata-xmlrpc 2015-04-16 13:59:45 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 7

Via RHSA-2015:0835 https://rhn.redhat.com/errata/RHSA-2015-0835.html

Comment 9 errata-xmlrpc 2015-07-29 04:36:32 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.1 for RHEL 6
  Native Client for RHEL 5 for Red Hat Storage
  Native Client for RHEL 6 for Red Hat Storage

Via RHSA-2015:1495 https://rhn.redhat.com/errata/RHSA-2015-1495.html