CVE-2013-4463 - Resource Management Errors vulnerability in OpenStack Folsom, Grizzly and Havana

CVSS: 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.

Vulnerable Configurations

Part: Application
Description: Openstack
Count: 3

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-22693.NASL
    description: Fix CVE-2013-4469 and CVE-2013-4463. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-12-12
    plugin id: 71363
    published: 2013-12-12
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71363
    title: Fedora 19 : openstack-nova-2013.1.4-3.fc19 (2013-22693)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2247-1.NASL
    description: Darragh O
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76109
    published: 2014-06-18
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76109
    title: Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : nova vulnerabilities (USN-2247-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-22667.NASL
    description: - Ensure we don
    last seen: 2020-03-17
    modified: 2013-12-14
    plugin id: 71418
    published: 2013-12-14
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71418
    title: Fedora 20 : openstack-nova-2013.2-4.fc20 (2013-22667)

Redhat

advisories
rhsa
id: RHSA-2014:0112
rpms
  • openstack-nova-0:2013.1.4-4.el6ost
  • openstack-nova-api-0:2013.1.4-4.el6ost
  • openstack-nova-cells-0:2013.1.4-4.el6ost
  • openstack-nova-cert-0:2013.1.4-4.el6ost
  • openstack-nova-common-0:2013.1.4-4.el6ost
  • openstack-nova-compute-0:2013.1.4-4.el6ost
  • openstack-nova-conductor-0:2013.1.4-4.el6ost
  • openstack-nova-console-0:2013.1.4-4.el6ost
  • openstack-nova-doc-0:2013.1.4-4.el6ost
  • openstack-nova-network-0:2013.1.4-4.el6ost
  • openstack-nova-objectstore-0:2013.1.4-4.el6ost
  • openstack-nova-scheduler-0:2013.1.4-4.el6ost
  • python-nova-0:2013.1.4-4.el6ost