Yaguang Tang reports:
Concurrent requests with large POST body can crash the keystone process.
This can be used by Malicious and lead to DoS to Cloud Service Provider.
The OpenStack project has confirmed:
Concurrent Keystone POST requests with large body messages are held in memory
without filtering or rate limiting; this can lead to resource exhaustion on
the Keystone server.
External references:
https://bugs.launchpad.net/keystone/+bug/1098177
https://bugs.launchpad.net/ossn/+bug/1155566
Comment 5 Fedora Update System
2013-07-20 09:32:14 UTC
openstack-keystone-2013.1.2-3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.