Bug 919648 (CVE-2013-1838)

Summary: CVE-2013-1838 Openstack Nova: DoS by allocating all Fixed IPs
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: apevec, cpelland, jlieskov, markmc, ndipanov, rbryant, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-04-04 20:46:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 919650, 919651    
Bug Blocks: 919649, 921759    
Attachments:
Description Flags
CVE-2013-1838-essex.patch
none
CVE-2013-1838-folsom.patch
none
CVE-2013-1838-grizzly.patch none

Description Kurt Seifried 2013-03-09 07:07:33 UTC 
Russel Bryant (rbryant) reports:


Title: DoS by allocating all Fixed IPs
Impact: Medium
Reporter: Vish Ishaya (Nebula)
Products: Nova
Affects: All versions

Description:
Vish Ishaya reported a vulnerability in Nova where there is no quota
for Fixed IPs. Previously the instance quota acted as a proxy for
a Fixed IP quota, but if your configuration allows an instance to
consume more than one Fixed IP via an extension such as multinic
then this is no longer true. Running out of Fixed IPs would result in
not being able to spawn new instances.

Proposed patches:
See attached patches. Unless a flaw is discovered in them, these
patches will be merged to Nova master (Grizzly), stable/folsom,
and stable/essex branches on the public disclosure date.
Comment 2 Kurt Seifried 2013-03-09 07:09:14 UTC 
Created attachment 707322 [details]
CVE-2013-1838-essex.patch
Comment 3 Kurt Seifried 2013-03-09 07:09:32 UTC 
Created attachment 707323 [details]
CVE-2013-1838-folsom.patch
Comment 4 Kurt Seifried 2013-03-09 07:09:48 UTC 
Created attachment 707324 [details]
CVE-2013-1838-grizzly.patch
Comment 8 Jan Lieskovsky 2013-03-25 10:13:21 UTC 
References:
  https://lists.launchpad.net/openstack/msg21892.html
  http://www.openwall.com/lists/oss-security/2013/03/14/18
  https://bugs.launchpad.net/nova/+bug/1125468
  https://review.openstack.org/#/c/24451/
  https://review.openstack.org/#/c/24452/
  https://review.openstack.org/#/c/24453/
  http://ubuntu.com/usn/usn-1771-1
  http://www.securityfocus.com/bid/58492
  http://osvdb.org/91303
  http://secunia.com/advisories/52580
  http://secunia.com/advisories/52728
  http://xforce.iss.net/xforce/xfdb/82877
Comment 9 Murray McAllister 2013-03-27 03:32:49 UTC 
Acknowledgements:

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Vish Ishaya (Nebula) as the original reporter.
Comment 10 errata-xmlrpc 2013-04-04 20:21:58 UTC 
This issue has been addressed in following products:

  OpenStack Folsom for RHEL 6

Via RHSA-2013:0709 https://rhn.redhat.com/errata/RHSA-2013-0709.html