OSSA-2012-005: No quota enforced on security group rules

OSSA-2012-005: No quota enforced on security group rules¶

Date:: April 19, 2012
CVE:: CVE-2012-2101

Affects¶

Nova: All versions

Description¶

Dan Prince reported a vulnerability in Nova. He discovered that there was no limit on the number of security group rules a user can create. By creating a very large set of rules, an unreasonable number of iptables rules will be created on compute nodes, resulting in a denial of service.

Patches¶

https://review.openstack.org/#/c/6655 (Diablo)
https://review.openstack.org/#/c/6654 (Essex)
https://review.openstack.org/#/c/6653 (Folsom)
https://review.openstack.org/#/c/6656 (Folsom)

Credits¶

Dan Prince from Red Hat (CVE-2012-2101)

References¶

this page last updated: 2024-10-03 16:29:15

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.