OSSA-2012-005: No quota enforced on security group rules
April 19, 2012
Nova: All versions
Dan Prince reported a vulnerability in Nova. He discovered that there was no limit on the number of security group rules a user could create. By creating a very large set of rules, a user can cause an unreasonable number of iptables rules to be created on compute nodes, resulting in a denial of service.
Dan Prince from Red Hat (CVE-2012-2101)
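
A check an operator could run on a compute node to spot the condition described above, as an added example that is not part of the original advisory or of Nova's code: it counts rules per chain in `iptables-save` text and reports chains above a threshold. The chain names, the sample dump and the limit of 100 are constructed assumptions.

```python
import re
from collections import Counter

# Matches an appended rule line such as "-A <chain> ..." in iptables-save output.
APPEND_RE = re.compile(r"^-A\s+(\S+)")

def rules_per_chain(dump):
    """Count appended rules per (table, chain) in iptables-save text."""
    counts = Counter()
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
        elif line == "COMMIT":            # end of the current table
            table = None
        else:
            m = APPEND_RE.match(line)
            if m and table is not None:
                counts[(table, m.group(1))] += 1
    return counts

def oversized_chains(dump, limit):
    """Return (table, chain, count) for chains above limit, largest first."""
    hits = [(t, c, n) for (t, c), n in rules_per_chain(dump).items() if n > limit]
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))

def build_sample():
    """Constructed dump: one ordinary instance chain, one holding 500 rules."""
    lines = ["*filter", ":INPUT ACCEPT [0:0]",
             ":nova-compute-inst-1 - [0:0]", ":nova-compute-inst-2 - [0:0]",
             "-A nova-compute-inst-1 -p tcp -m tcp --dport 22 -j ACCEPT",
             "-A nova-compute-inst-1 -p icmp -j ACCEPT"]
    lines += ["-A nova-compute-inst-2 -p tcp -m tcp --dport %d -j ACCEPT" % p
              for p in range(1000, 1500)]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Assumed threshold of 100 rules per chain; tune to the deployment.
    for table, chain, n in oversized_chains(build_sample(), limit=100):
        print("%s/%s: %d rules" % (table, chain, n))
```

On a real node the input would be the captured output of `iptables-save` rather than the constructed sample.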