CVE-2013-1838

Published: Mar 22, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

Affected (6)

Products: Openstack: Essex, Folsom, Grizzly · Canonical: Ubuntu Linux

3 products

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openstack Essex	Version 2012.1
Openstack Folsom	Version 2012.2
Openstack Grizzly	Version 2012.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 11.10
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10

Related CWEs

References (28)

http://osvdb.org/91303

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0709.html

Source: secalert@redhat.com

http://secunia.com/advisories/52580

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/52728

Source: secalert@redhat.com

Vendor Advisory

http://ubuntu.com/usn/usn-1771-1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/03/14/18

Source: secalert@redhat.com

http://www.securityfocus.com/bid/58492

Source: secalert@redhat.com

https://bugs.launchpad.net/nova/+bug/1125468

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=919648

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/82877

Source: secalert@redhat.com

https://lists.launchpad.net/openstack/msg21892.html

Source: secalert@redhat.com

https://review.openstack.org/#/c/24451/

Source: secalert@redhat.com

https://review.openstack.org/#/c/24452/

Source: secalert@redhat.com

https://review.openstack.org/#/c/24453/

Source: secalert@redhat.com

http://osvdb.org/91303

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0709.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/52580

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/52728

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://ubuntu.com/usn/usn-1771-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/03/14/18

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/58492

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/nova/+bug/1125468

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=919648

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/82877

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.launchpad.net/openstack/msg21892.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://review.openstack.org/#/c/24451/

Source: af854a3a-2127-422b-91ae-364da2661108

https://review.openstack.org/#/c/24452/

Source: af854a3a-2127-422b-91ae-364da2661108

https://review.openstack.org/#/c/24453/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.