OSSA-2012-005: No quota enforced on security group rules

Date: April 19, 2012
CVE: CVE-2012-2101

Affects

  • Nova: All versions

Description

Dan Prince reported a vulnerability in Nova. He discovered that there was no limit on the number of security group rules a user can create. A user who creates a very large set of rules causes an unreasonable number of iptables rules to be created on compute nodes, resulting in a denial of service.
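
A per-project quota check of the kind whose absence this advisory describes, as an added example; it is not Nova's code or its fix. The class and function names, the in-memory store and the limit of 20 rules are assumptions made for illustration.

```python
import threading
from collections import defaultdict


class OverQuota(Exception):
    """Raised when a request would exceed the per-project rule limit."""


class SecurityGroupRuleStore:
    """In-memory stand-in for the rule table (hypothetical, not Nova's model)."""

    def __init__(self, max_rules_per_project=20):  # limit value is an assumption
        self.max_rules = max_rules_per_project
        self._rules = defaultdict(set)  # project_id -> {(group, proto, port, cidr)}
        self._lock = threading.Lock()   # makes count-then-insert atomic

    def add_rules(self, project_id, group, rules):
        """Add a batch of (proto, port, cidr) rules, all or nothing."""
        new = {(group, *rule) for rule in rules}
        with self._lock:
            existing = self._rules[project_id]
            to_add = new - existing  # re-submitting a rule consumes no quota
            if len(existing) + len(to_add) > self.max_rules:
                raise OverQuota(f"{project_id}: limit of {self.max_rules} rules")
            existing |= to_add
            return len(to_add)

    def count(self, project_id):
        with self._lock:
            return len(self._rules[project_id])


def simulate_requests(store, project_id, attempts, workers=8):
    """Constructed workload: concurrent single-rule requests; returns (accepted, rejected)."""
    results = []  # list.append is thread-safe

    def worker(ports):
        for port in ports:
            try:
                store.add_rules(project_id, "default", [("tcp", port, "0.0.0.0/0")])
                results.append(True)
            except OverQuota:
                results.append(False)

    threads = [threading.Thread(target=worker, args=(range(1 + i, attempts + 1, workers),))
               for i in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results.count(True), results.count(False)
```

The lock matters as much as the limit: without it, concurrent requests can each pass the count check before any of them inserts, and the stored total ends up above the quota.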

Credits

  • Dan Prince from Red Hat (CVE-2012-2101)