OSSA-2012-005: No quota enforced on security group rules

Date:

April 19, 2012

CVE:

CVE-2012-2101

Affects

  • Nova: All versions

Description

Dan Prince reported a vulnerability in Nova. He discovered that there was no limit on the number of security group rules a user can create. By creating a very large set of rules, a user can cause an unreasonable number of iptables rules to be created on compute nodes, resulting in a denial of service.
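
The missing control, sketched as an added example (not Nova's code and not the patch for this advisory): a per-group rule quota checked and applied under one lock, so that neither a single large request nor many parallel small ones can exceed it. The class and function names, the in-memory store and the limit of 20 are assumptions made for illustration.

```python
import threading
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor


class QuotaExceeded(Exception):
    """Raised when a request would exceed the per-group rule quota."""


class SecurityGroupRuleStore:
    """In-memory stand-in for the rule table (hypothetical, not Nova's schema)."""

    def __init__(self, max_rules_per_group=20):
        # Assumed limit; a deployment would read it from configuration.
        self.max_rules_per_group = max_rules_per_group
        self._rules = defaultdict(list)  # (project_id, group) -> [rule, ...]
        self._lock = threading.Lock()

    def count(self, project_id, group):
        with self._lock:
            return len(self._rules.get((project_id, group), []))

    def add_rules(self, project_id, group, new_rules):
        """Add rules all-or-nothing; return the group's rule count afterwards."""
        new_rules = list(new_rules)
        # Check and insert under one lock so parallel requests cannot overshoot.
        with self._lock:
            current = self._rules[(project_id, group)]
            if len(current) + len(new_rules) > self.max_rules_per_group:
                raise QuotaExceeded(f"{project_id}/{group}: limit "
                                    f"{self.max_rules_per_group} would be exceeded")
            current.extend(new_rules)
            return len(current)


def concurrent_demo(workers=50, limit=20):
    """Constructed scenario: parallel single-rule requests against one group."""
    store = SecurityGroupRuleStore(max_rules_per_group=limit)
    def request(i):
        rule = ("tcp", 1000 + i, 1000 + i, "192.0.2.0/24")  # constructed sample
        try:
            store.add_rules("proj-a", "default", [rule])
            return True
        except QuotaExceeded:
            return False

    with ThreadPoolExecutor(max_workers=workers) as pool:
        accepted = sum(pool.map(request, range(workers)))
    return store.count("proj-a", "default"), workers - accepted
```

With the defaults, `concurrent_demo()` stores exactly 20 rules and rejects the other 30 requests, which bounds the number of iptables rules a compute node would have to build for that group.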

Patches

Credits

  • Dan Prince from Red Hat (CVE-2012-2101)

References