OSSA-2013-022: Swift Denial of Service using superfluous object tombstones

OSSA-2013-022: Swift Denial of Service using superfluous object tombstones¶

Date:: August 07, 2013
CVE:: CVE-2013-4155

Affects¶

Swift: All versions

Description¶

Peter Portante from Red Hat reported a vulnerability in Swift. Byissuing requests with an old X-Timestamp value, an authenticatedattacker can fill an object server with superfluous object tombstones,which may significantly slow down subsequent requests to that objectserver, facilitating a Denial of Service attack against Swift clusters.

Patches¶

https://review.openstack.org/#/c/40646 (Folsom)
https://review.openstack.org/#/c/40645 (Grizzly)
https://review.openstack.org/#/c/40643 (Havana)

Credits¶

Peter Portante from Red Hat (CVE-2013-4155)

References¶

this page last updated: 2024-03-18 15:52:07

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.