OSSA-2012-003: Long server names grow nova-api log files significantly

OSSA-2012-003: Long server names grow nova-api log files significantly¶

Date:: March 29, 2012
CVE:: CVE-2012-1585

Affects¶

Nova: TODO

Description¶

Dan Prince reported a vulnerability in OpenStack Compute (Nova) API servers. By PUTing or POSTing extremely long server names to the OpenStack API, any authenticated user may grow nova-api log files significantly, potentially resulting in disk space exhaustion and denial of service to the affected nova-api nodes. only setups running the OpenStack API are affected.

Patches¶

https://review.openstack.org/#/c/5956 (Diablo)
https://review.openstack.org/#/c/5955 (Essex)
https://review.openstack.org/#/c/5957 (Essex)

Credits¶

Dan Prince from Red Hat (CVE-2012-1585)

References¶

https://launchpad.net/bugs/962515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1585

this page last updated: 2024-10-03 16:29:15

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.