836658 – (CVE-2012-3371) CVE-2012-3371 OpenStack-Nova: Scheduler denial of service through scheduler_hints

Bug 836658 (CVE-2012-3371) - CVE-2012-3371 OpenStack-Nova: Scheduler denial of service through scheduler_hints

Summary: CVE-2012-3371 OpenStack-Nova: Scheduler denial of service through scheduler_h...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-3371
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	839407 844041
Blocks:
TreeView+	depends on / blocked

Reported:	2012-06-29 20:41 UTC by Kurt Seifried
Modified:	2019-09-29 12:53 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-09-12 19:07:03 UTC
Embargoed:

Attachments	(Terms of Use)
Upstream patch for Essex (1.92 KB, patch) 2012-07-04 07:44 UTC, Tomas Hoger	no flags	Details \| Diff
Upstream patch for Folsom (1.81 KB, patch) 2012-07-04 07:45 UTC, Tomas Hoger	no flags	Details \| Diff
View All

Description Kurt Seifried 2012-06-29 20:41:06 UTC

Title: Scheduler denial of service through scheduler_hints
Impact: Medium
Reporter: Dan Prince (Red Hat)
Products: Nova
Affects: Essex, Folsom series

Description:
Dan Prince from Red Hat reported a vulnerability in Nova scheduler
nodes. By creating servers with malicious scheduler_hints, an
authenticated user may generate a huge amount of database calls,
potentially resulting in a Denial of Service attack against Nova
scheduler nodes. Only setups exposing the OpenStack API and enabling
DifferentHostFilter and/or SameHostFilter are affected.

Comment 3 Tomas Hoger 2012-07-04 07:44:53 UTC

Created attachment 596162 [details]
Upstream patch for Essex

Comment 4 Tomas Hoger 2012-07-04 07:45:38 UTC

Created attachment 596163 [details]
Upstream patch for Folsom

Comment 5 Kurt Seifried 2012-07-11 21:32:32 UTC

Created openstack-nova tracking bugs for this issue

Affects: fedora-all [bug 839407]

Comment 6 Tomas Hoger 2012-07-12 07:23:23 UTC

References:
http://thread.gmane.org/gmane.comp.security.oss.general/7988
https://lists.launchpad.net/openstack/msg14452.html

Upstream bug:
https://bugs.launchpad.net/nova/+bug/1017795

Upstream commits:
Folsom: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
Essex: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9

Comment 7 Kurt Seifried 2012-07-28 06:20:33 UTC

Created openstack-nova tracking bugs for this issue

Affects: epel-6 [bug 844041]

Note You need to log in before you can comment on or make changes to this bug.