Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <527289B8.70304@openstack.org>
Date: Thu, 31 Oct 2013 17:47:52 +0100
From: Thierry Carrez <thierry@...nstack.org>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: [OSSA 2013-029] Potential Nova denial of service through compressed
 disk images (CVE-2013-4463, CVE-2013-4469)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenStack Security Advisory: 2013-029
CVE: CVE-2013-4463, CVE-2013-4469
Date: October 31, 2013
Title: Potential Nova denial of service through compressed disk images
Reporter: Bernhard M. Wiedemann (SUSE) & Pádraig Brady (Red Hat)
Products: Nova
Affects: All versions

Description:
Bernhard M. Wiedemann from SUSE reported a vulnerability in Nova's
control of the size of disk images. By using malicious compressed qcow2
disk images, an authenticated user may consume large amounts of disk
space for each image, potentially resulting in a Denial of Service
attack on Nova compute nodes (CVE-2013-4463). While fixing this issue,
Pádraig Brady from Red Hat additionally discovered that OSSA 2013-012
did not fully address CVE-2013-2096 in the non-default case where
use_cow_images=False, and malicious qcow images are being transferred
from Glance. In that specific case, an authenticated user could still
consume large amounts of disk space for each instance using the
malicious image, potentially also resulting in a Denial of Service
attack on Nova compute nodes (CVE-2013-4469). The provided fixes
address both issues.

Icehouse (development branch) fix:
https://review.openstack.org/54765

Havana fix:
https://review.openstack.org/54767

Grizzly fix:
https://review.openstack.org/54768

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4469
https://bugs.launchpad.net/nova/+bug/1206081

Regards,

- -- 
Thierry Carrez
OpenStack Vulnerability Management Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJScom4AAoJEFB6+JAlsQQjds8P/RHc+cYZTRRvoRM2BIIbbfB0
d28WZPGGHKpKY99XQ/Q0+rDfmZb3N1KJ0nsCrLOdaNUXydIO7kE3wNElvyY8ES4x
6AJcocK6+3IPdazdu7tTiU/wfhx7DjjFZP+jk91JOmd4jcJ83TGqBT1nUhwDyhIf
YNjyPoZNnMIz9ga/yn1Drk9RyH0CCNHIL1h4OT9V8CQ4jmbmNOoqw0Benrk+o2Rn
eFpQfagUm6uKjhyCvbowZueVZv8KB/johfj/w3gpAiuQEMana9dU7fLX18qRhUlh
xJzCfUanD0JGWUkLtHsy9SapStjqclme4vEjBhLJxhqST547jDjWHnNylPDNHKXa
OnZ8r7mYrpx3hAhrDe+hWjPmrZ/dOMIwNP8nuWIY+Hyenyv1henSJX0qeppXeAbA
swTeQhet1iCDw9v+1KadCdPyVLNft7aIa9jw40WUV+Ff60HW8lzNAH0EXf5YWDuG
rQ5fZoHSRBmOF3GsVtuNDKTABsZz1ecxgwJ4oXV23b79VLV87n1RN5sZLHIu5FY8
303ci7O7xwFh1mV3VgiQZJzub7/Ey1CBmj8ds/Bg/TyxsraVkDoOxdg216OdvVzs
VdhgN9dOzD3UEW7kL4uBYNWNSNYoAhTmEphotvtWIR8n/Y4olEYO61YaYZFJvIOy
hVLCGyCGF9uUbWqkCs5D
=AdLt
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.