OSSA-2015-015: Nova instance migration process does not stop when instance is deleted

Date:

August 25, 2015

CVE:

CVE-2015-3241

Affects

• Nova: versions through 2014.2.3 and 2015.1 versions through 2015.1.1

Description

George Shuklin from Webzilla LTD reported a vulnerability in Nova migration process. By resizing and deleting an instance repeatedly an authenticated user may overcome his quota and overload Nova computes node resulting in a denial of service attack. All Nova setups are affected.

Patches

• https://review.openstack.org/208876 (Juno)

• https://review.openstack.org/214528 (Juno)

• https://review.openstack.org/213234 (Kilo)

• https://review.openstack.org/209856 (Kilo)

• https://review.openstack.org/194861 (Liberty)

• https://review.openstack.org/192986 (Liberty)

Credits

• George Shuklin from Webzilla LTD (CVE-2015-3241)

References

• https://launchpad.net/bugs/1387543

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241

Notes

• This fix requires oslo.concurrency >= 1.8.2 for Kilo and >= 2.3.0 for Liberty. Juno fix embeds a patched version of oslo.concurrency

• This fix will be included in future 2014.2.4 (juno) and 2015.1.2 (kilo) releases.