Bug 1043106 - (CVE-2013-6437) CVE-2013-6437 openstack-nova: DoS through ephemeral disk backing files
CVE-2013-6437 openstack-nova: DoS through ephemeral disk backing files
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
Version: unspecified
Platform: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20131218,repor...
: Security
Depends On: 1119586 1063638 1119584 1119585
Blocks: 1023240 1043107
Reported: 2013-12-13 18:23 EST by Vincent Danen
Modified: 2016-04-26 14:30 EDT (History)

Doc Type: Bug Fix
Last Closed: 2014-07-15 02:18:50 EDT

Attachments
grizzly patch (4.98 KB, patch), 2013-12-13 18:31 EST, Vincent Danen
havana patch (5.07 KB, patch), 2013-12-13 18:33 EST, Vincent Danen
icehouse patch (4.94 KB, patch), 2013-12-13 18:34 EST, Vincent Danen

External Trackers
Red Hat Product Errata RHSA-2014:0231 (priority normal, status SHIPPED_LIVE): Moderate: openstack-nova security and bug fix update, last updated 2014-03-04 19:00:29 EST

Description Vincent Danen 2013-12-13 18:23:27 EST
Thierry Carrez of the OpenStack project reports:


Title: Nova compute DoS through ephemeral disk backing files
Reporter: Phil Day (HP)
Products: Nova
Affects: All supported versions

Description:
Phil Day from HP reported a vulnerability in the libvirt driver handling
of ephemeral disk backing files on Nova compute nodes. By repeatedly
creating snapshots, changing the os_type to a new random value, and
spawning new instances from the snapshot (and quickly deleting those
instances), an authenticated user could generate lots of different
ephemeral disk backing files and fill up compute node disks, potentially
resulting in a Denial of Service against a Nova setup. Only Nova setups
running the libvirt driver are affected.


CVE-2013-6437 has been assigned to identify this flaw.


Acknowledgements:

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Phil Day from HP as the original reporter.
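As an added illustration (not the attached patches and not nova's own code), the following Python models the mechanism the report describes: a backing-file cache key that embeds the user-supplied os_type verbatim can grow without bound, while a key derived from a fixed mapping cannot, and a small audit over a constructed directory listing flags the resulting symptom (many backing-file variants for one ephemeral size). The naming pattern ephemeral_<size>_<suffix>, the os_type-to-filesystem mapping and the alert threshold are assumptions.

```python
import re
from collections import defaultdict

# Assumed naming pattern for ephemeral backing files (a model, not nova's layout).
EPHEMERAL_RE = re.compile(r"^ephemeral_(\d+)_(.+)$")

# Hypothetical closed mapping: only these suffixes can ever reach the file name.
FS_TYPE_FOR_OS = {"windows": "ntfs"}
DEFAULT_FS_TYPE = "ext4"


def backing_name_unbounded(ephemeral_gb, os_type):
    """Weak form: the user-controlled os_type lands in the cache key verbatim,
    so each new os_type value produces a new backing file on the compute node."""
    return "ephemeral_%d_%s" % (ephemeral_gb, os_type)


def backing_name_bounded(ephemeral_gb, os_type):
    """Hardened form: the key comes from a closed set, so the number of backing
    files per ephemeral size stays bounded whatever os_type is supplied."""
    fs_type = FS_TYPE_FOR_OS.get((os_type or "").strip().lower(), DEFAULT_FS_TYPE)
    return "ephemeral_%d_%s" % (ephemeral_gb, fs_type)


def count_variants(os_types, name_fn, ephemeral_gb=10):
    """Number of distinct backing files a sequence of os_type values yields."""
    return len({name_fn(ephemeral_gb, t) for t in os_types})


def audit_backing_dir(listing, max_variants=3):
    """listing: iterable of (filename, size_bytes) from a backing-file directory.
    Returns {size_gb: (variant_count, total_bytes)} for every ephemeral size
    whose distinct suffixes exceed max_variants, the growth pattern to alert on."""
    variants = defaultdict(set)
    total_bytes = defaultdict(int)
    for name, size in listing:
        m = EPHEMERAL_RE.match(name)
        if not m:
            continue
        variants[m.group(1)].add(m.group(2))
        total_bytes[m.group(1)] += size
    return {gb: (len(v), total_bytes[gb]) for gb, v in variants.items()
            if len(v) > max_variants}


# Constructed sample listing: one size with random suffixes, one normal file.
SAMPLE_LISTING = (
    [("ephemeral_10_%s" % s, 10 * 2**30)
     for s in ("linux", "x7q2", "p0zk", "m3vv", "windows")]
    + [("ephemeral_20_linux", 20 * 2**30), ("disk.info", 512)]
)
```

Running audit_backing_dir(SAMPLE_LISTING) on the constructed listing reports the 10 GB group with five variants, which is the signal a compute-node monitor would raise.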
Comment 2 Vincent Danen 2013-12-13 18:31:17 EST
Created attachment 836520
grizzly patch
Comment 3 Vincent Danen 2013-12-13 18:33:25 EST
Created attachment 836521
havana patch
Comment 4 Vincent Danen 2013-12-13 18:34:19 EST
Created attachment 836523
icehouse patch
Comment 6 errata-xmlrpc 2014-03-04 14:04:35 EST
This issue has been addressed in the following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0231 https://rhn.redhat.com/errata/RHSA-2014-0231.html
Comment 7 Garth Mollett 2014-07-15 02:11:12 EDT
Trackers were never added for fedora/rdo when this was unembargoed. It's almost certainly been fixed in a rebase since then but filing anyway.
Comment 8 Garth Mollett 2014-07-15 02:16:36 EDT
Statement:

Red Hat Product Security has rated this issue as having moderate security impact in Red Hat OpenStack Platform 3.0. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Comment 10 Garth Mollett 2014-07-15 02:18:02 EDT
Created openstack-nova tracking bugs for this issue:

Affects: fedora-all [bug 1119584]
Affects: epel-6 [bug 1119585]
