Bug 489992 (CVE-2013-4463) - sys-cluster/nova: Multiple Vulnerabilities (CVE-2013-{4463,4469,4497})
Summary: sys-cluster/nova: Multiple Vulnerabilities (CVE-2013-{4463,4469,4497})
Status: RESOLVED FIXED
Alias: CVE-2013-4463
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://seclists.org/oss-sec/2013/q4/200
Whiteboard: ~3 [noglsa]
Reported: 2013-10-31 18:31 UTC by Mikle Kolyada (RETIRED)
Modified: 2013-11-27 22:10 UTC
Description Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-10-31 18:31:33 UTC
from ${URL}:

CVE: CVE-2013-4463, CVE-2013-4469
Date: October 31, 2013
Title: Potential Nova denial of service through compressed disk images
Reporter: Bernhard M. Wiedemann (SUSE) & Pádraig Brady (Red Hat)
Products: Nova
Affects: All versions

Description:
Bernhard M. Wiedemann from SUSE reported a vulnerability in Nova's
control of the size of disk images. By using malicious compressed qcow2
disk images, an authenticated user may consume large amounts of disk
space for each image, potentially resulting in a Denial of Service
attack on Nova compute nodes (CVE-2013-4463). While fixing this issue,
Pádraig Brady from Red Hat additionally discovered that OSSA 2013-012
did not fully address CVE-2013-2096 in the non-default case where
use_cow_images=False, and malicious qcow images are being transferred
from Glance. In that specific case, an authenticated user could still
consume large amounts of disk space for each instance using the
malicious image, potentially also resulting in a Denial of Service
attack on Nova compute nodes (CVE-2013-4469). The provided fixes
address both issues.

Icehouse (development branch) fix:
https://review.openstack.org/54765

Havana fix:
https://review.openstack.org/54767

Grizzly fix:
https://review.openstack.org/54768

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4469
https://bugs.launchpad.net/nova/+bug/1206081

Regards,

--
Thierry Carrez
OpenStack Vulnerability Management Team
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-11-03 17:44:19 UTC
CVE-2013-4497: http://seclists.org/oss-sec/2013/q4/207
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2013-11-05 02:23:52 UTC
CVE-2013-4469 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4469):
  OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is
  set to False, does not verify the virtual size of a QCOW2 image, which
  allows local users to cause a denial of service (host file system disk
  consumption) by transferring an image with a large virtual size that does
  not contain a large amount of data from Glance.  NOTE: this issue is due to
  an incomplete fix for CVE-2013-2096.
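
The missing check named in the advisory and in the CVE-2013-4469 entry above (verifying a QCOW2 image's virtual size), shown as an added example that is not part of this bug thread and is not Nova's patch; the actual fixes are at the review links in the description. The names `check_image`, `ImageTooLarge`, `make_header` and the `allowed_gb` limit are hypothetical, and the sample header is constructed.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Big-endian qcow2 header prefix: magic, version, backing_file_offset,
# backing_file_size, cluster_bits, size (virtual disk size in bytes).
HEADER = struct.Struct(">4sIQIIQ")
GiB = 1024 ** 3


class ImageTooLarge(Exception):
    """Hypothetical error type used only by this example."""


def qcow2_virtual_size(blob):
    """Return the virtual disk size (bytes) declared in a qcow2 header."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated qcow2 header")
    magic, version, _, _, _, size = HEADER.unpack_from(blob)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    if version not in (2, 3):
        raise ValueError("unsupported qcow2 version %d" % version)
    return size


def check_image(blob, allowed_gb):
    """Reject an image whose declared virtual size exceeds allowed_gb.

    allowed_gb is an assumed per-instance disk limit. The comparison uses
    the header's virtual size, not the file length, because the file on
    disk can be far smaller than the disk it declares.
    """
    virtual = qcow2_virtual_size(blob)
    if virtual > allowed_gb * GiB:
        raise ImageTooLarge(
            "virtual size %d bytes exceeds limit of %d GiB" % (virtual, allowed_gb))
    return virtual


def make_header(virtual_size, version=2):
    """Build a constructed 32-byte header prefix (sample data, not a full image)."""
    return HEADER.pack(QCOW2_MAGIC, version, 0, 0, 16, virtual_size)


if __name__ == "__main__":
    sample = make_header(1024 * GiB) + b"\0" * 480  # 512-byte file declaring 1 TiB
    try:
        check_image(sample, allowed_gb=20)
    except ImageTooLarge as exc:
        print("rejected:", exc)
```
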
Comment 3 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2013-11-19 03:54:07 UTC
all fixes in place

nova-2013.1.4-r1.ebuild:	"${FILESDIR}/CVE-2013-4463_4469-grizzly.patch"
nova-2013.1.4-r1.ebuild:	"${FILESDIR}/CVE-2013-4497-grizzly-1.patch"
nova-2013.1.4-r1.ebuild:	"${FILESDIR}/CVE-2013-4497-grizzly-2.patch"
nova-2013.2-r2.ebuild:	"${FILESDIR}/CVE-2013-4463_4469-havana.patch"
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-11-27 22:10:47 UTC
CVE-2013-4497 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4497):
  The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana
  before 2013.2 does not properly apply security groups (1) when resizing an
  image or (2) during live migration, which allows remote attackers to bypass
  intended restrictions.