Vulnerabilities > CVE-2013-2096 - Resource Management Errors vulnerability in Openstack Folsom, Grizzly and Havana
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-22693.NASL description Fix CVE-2013-4469 and CVE-2013-4463 Fix CVE-2013-4469 and CVE-2013-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-12-12 plugin id 71363 published 2013-12-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71363 title Fedora 19 : openstack-nova-2013.1.4-3.fc19 (2013-22693) NASL family Fedora Local Security Checks NASL id FEDORA_2013-13244.NASL description - Update to the latest Grizzly stable 2013.1.2 - Fix CVE-2013-2096 - Move openstack-nova-novncproxy from novnc to openstack-nova Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-07-29 plugin id 69095 published 2013-07-29 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69095 title Fedora 19 : novnc-0.4-7.fc19 / openstack-nova-2013.1.2-4.fc19 (2013-13244) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1831-1.NASL description Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 66496 published 2013-05-17 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66496 title Ubuntu 12.04 LTS / 12.10 / 13.04 : nova vulnerability (USN-1831-1) NASL family Fedora Local Security Checks NASL id FEDORA_2013-22667.NASL description - Ensure we don last seen 2020-03-17 modified 2013-12-14 plugin id 71418 published 2013-12-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71418 title Fedora 20 : openstack-nova-2013.2-4.fc20 (2013-22667)