CVE 2013-6437
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.
Related bugs and status
CVE-2013-6437 (Candidate) is related to these bugs:
Bug #1253980: [OSSA 2013-037] DoS attack via setting os_type in snapshots (CVE-2013-6437)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1253980 | [OSSA 2013-037] DoS attack via setting os_type in snapshots (CVE-2013-6437) | OpenStack Compute (nova) | High | Fix Released | ||
1253980 | [OSSA 2013-037] DoS attack via setting os_type in snapshots (CVE-2013-6437) | OpenStack Security Advisory | High | Fix Released | ||
1253980 | [OSSA 2013-037] DoS attack via setting os_type in snapshots (CVE-2013-6437) | OpenStack Compute (nova) grizzly | High | Fix Released | ||
1253980 | [OSSA 2013-037] DoS attack via setting os_type in snapshots (CVE-2013-6437) | OpenStack Compute (nova) havana | High | Fix Released |
Bug #1284643: [SRU] Meta bug for tracking Openstack 2013.2.2
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | nova (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | Ubuntu Cloud Archive | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | neutron (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | horizon (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | keystone (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | cinder (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | glance (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | cinder (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | glance (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | heat (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | horizon (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | keystone (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | neutron (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | nova (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | ceilometer (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | ceilometer (Ubuntu Saucy) | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.