Vulnerabilities > CVE-2013-6437 - Resource Management Errors vulnerability in Openstack Nova

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
openstack
CWE-399
NVD
Published: 2014-03-06
Updated: 2018-11-16

Summary

The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.

Vulnerable Configurations

Part Description Count
Application
Openstack
15

Common Weakness Enumeration (CWE)

Redhat

advisories
rhsa
idRHSA-2014:0231
rpms
  • openstack-nova-0:2013.2.2-2.el6ost
  • openstack-nova-api-0:2013.2.2-2.el6ost
  • openstack-nova-cells-0:2013.2.2-2.el6ost
  • openstack-nova-cert-0:2013.2.2-2.el6ost
  • openstack-nova-common-0:2013.2.2-2.el6ost
  • openstack-nova-compute-0:2013.2.2-2.el6ost
  • openstack-nova-conductor-0:2013.2.2-2.el6ost
  • openstack-nova-console-0:2013.2.2-2.el6ost
  • openstack-nova-doc-0:2013.2.2-2.el6ost
  • openstack-nova-network-0:2013.2.2-2.el6ost
  • openstack-nova-novncproxy-0:2013.2.2-2.el6ost
  • openstack-nova-objectstore-0:2013.2.2-2.el6ost
  • openstack-nova-scheduler-0:2013.2.2-2.el6ost
  • python-nova-0:2013.2.2-2.el6ost

References