OSSA-2012-009: Scheduler denial of service through scheduler_hints

OSSA-2012-009: Scheduler denial of service through scheduler_hints¶

Date:: July 11, 2012
CVE:: CVE-2012-3371

Affects¶

Nova: Essex, Folsom series

Description¶

Dan Prince from Red Hat reported a vulnerability in Nova scheduler nodes. By creating servers with malicious scheduler_hints, an authenticated user may generate a huge amount of database calls, potentially resulting in a Denial of Service attack against Nova scheduler nodes. Only setups exposing the OpenStack API and enabling DifferentHostFilter and/or SameHostFilter are affected.

Patches¶

https://review.openstack.org/#/c/9639 (Essex)
https://review.openstack.org/#/c/9637 (Folsom)

Credits¶

Dan Prince from Red Hat (CVE-2012-3371)

References¶

https://launchpad.net/bugs/1017795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3371

this page last updated: 2024-10-03 16:29:15

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.