Bug 480048 (CVE-2013-2256) - sys-cluster/nova: Security Bypass and Denial of Service Vulnerabilities (CVE-2013-{2256,4185})
Status: RESOLVED FIXED
Alias: CVE-2013-2256
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL: https://secunia.com/advisories/54397/
Whiteboard: ~3 [noglsa]
 
Reported: 2013-08-07 11:22 UTC by Agostino Sarubbo
Modified: 2013-11-05 02:25 UTC

Description Agostino Sarubbo gentoo-dev 2013-08-07 11:22:44 UTC
From ${URL} :

Description

Two vulnerabilities have been reported in OpenStack Compute (Nova), which can be exploited by 
malicious users to bypass certain security restrictions and cause a DoS (Denial of Service).

1) An error when handling access restrictions on private flavors can be exploited by tenants to 
view and boot any other tenant's private flavors.

2) An error within the handling of network source security group policy updates can be exploited to 
render the service unusable by performing a large number of server creation operations.

The vulnerabilities are reported in versions Grizzly (2013.1.2) and Folsom (2012.2.4).


Solution:
Fixed in the repository.

Provided and/or discovered by:
The vendor credits:
1) hzrandd, NetEase
2) Vishvananda Ishaya, Nebula

Original Advisory:
http://www.openwall.com/lists/oss-security/2013/08/06/3
http://www.openwall.com/lists/oss-security/2013/08/06/4
https://bugs.launchpad.net/nova/+bug/1194093
https://bugs.launchpad.net/nova/+bug/1184041


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2013-08-11 03:51:23 UTC
nova-2012.2.4-r4 has the fix
nova-2013.1.3 has the fix
badness removed from tree

This is valid for the following CVEs
CVE-2013-2256 and CVE-2013-4185

I'm removing myself from CC; if you feel I should be re-added, just re-add me and let me know why. This bug should be closable.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-12 00:21:06 UTC
Okay, we're done then. Closing.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-09-17 22:37:38 UTC
CVE-2013-2256 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2256):
  OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not
  properly enforce the os-flavor-access:is_public property, which allows
  remote authenticated users to obtain sensitive information (flavor
  properties), boot arbitrary flavors, and possibly have other unspecified
  impacts by guessing the flavor id.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-11-05 02:25:15 UTC
CVE-2013-4185 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4185):
  Algorithmic complexity vulnerability in OpenStack Compute (Nova) before
  2013.1.3 and Havana before havana-3 does not properly handle network source
  security group policy updates, which allows remote authenticated users to
  cause a denial of service (nova-network consumption) via a large number of
  server-creation operations, which triggers a large number of update
  requests.