OSSA-2012-003: Long server names grow nova-api log files significantly

OSSA-2012-003: Long server names grow nova-api log files significantly

Date:March 29, 2012
CVE:CVE-2012-1585

Affects

  • Nova: TODO

Description

Dan Prince reported a vulnerability in OpenStack Compute (Nova) API servers. By PUTing or POSTing extremely long server names to the OpenStack API, any authenticated user may grow nova-api log files significantly, potentially resulting in disk space exhaustion and denial of service to the affected nova-api nodes. only setups running the OpenStack API are affected.

Credits

  • Dan Prince from Red Hat (CVE-2012-1585)
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.