Description:
HP Cloud Services reported a vulnerability in Nova API handling. When a security group is created via the EC2 or OS API's that uses a protocol defined in the incorrect case i.e 'TCP' rather than 'tcp' it causes a later string comparison to fail. This leads to Security Groups not being set correctly.
Once the Nova DB has been polluted with the incorrect case any subsequent modifications to the security group will also fail. When the patch is applied the DB entries must be corrected to resume normal operations.
Description:
HP Cloud Services reported a vulnerability in Nova API handling. When a security group is created via the EC2 or OS API's that uses a protocol defined in the incorrect case i.e 'TCP' rather than 'tcp' it causes a later string comparison to fail. This leads to Security Groups not being set correctly.
Once the Nova DB has been polluted with the incorrect case any subsequent modifications to the security group will also fail. When the patch is applied the DB entries must be corrected to resume normal operations.