OpenStack Compute (Nova) Compressed 'qcow2' Disk Image Denial of Service Vulnerability
Release date:
Updated on:
Affected Systems:
OpenStack Nova
Description:
--------------------------------------------------------------------------------
Bugtraq id: 63467
CVE (CAN) ID: CVE-2013-4463
OpenStack Compute (Nova) is a cloud computing fabric controller written in Python and is part of an IaaS system.
OpenStack Compute (Nova) Folsom, Grizzly, and Havana do not verify the actual size of a QCOW2 image when use_cow_images is set to False. A local user can exploit this vulnerability to cause a denial of service (exhaustion of the host file system disk) by transferring images that do not contain a large amount of data but have a large virtual size.
<* Source: Bernhard M. Wiedemann
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1023239
*>
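The missing check can be illustrated with the QCOW2 header itself, which declares the virtual disk size independently of how many bytes the file occupies. The following is an added example, not Nova's code or the vendor patch; the function names, the `max_disk_bytes` limit and the sample headers are assumptions constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Fixed big-endian header prefix defined by the QCOW2 format:
# magic, version, backing_file_offset, backing_file_size,
# cluster_bits, size (virtual disk size in bytes, at offset 24).
HEADER = struct.Struct(">4sIQIIQ")


class ImageTooLarge(Exception):
    """Raised when an image would expand beyond the allowed disk size."""


def qcow2_virtual_size(header_bytes):
    """Return the virtual size in bytes declared in a QCOW2 header."""
    if len(header_bytes) < HEADER.size:
        raise ValueError("truncated QCOW2 header")
    magic, version, _bf_off, _bf_len, _bits, size = HEADER.unpack_from(header_bytes)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a QCOW2 image")
    if version not in (2, 3):
        raise ValueError("unsupported QCOW2 version %d" % version)
    return size


def check_image_fits(header_bytes, file_size, max_disk_bytes):
    """Reject an image before it is expanded on the host.

    The on-disk file size alone is not a safe bound: a small file
    can declare a huge virtual size, and converting it to raw
    allocates that virtual size on the host file system.
    """
    virtual = qcow2_virtual_size(header_bytes)
    needed = max(virtual, file_size)
    if needed > max_disk_bytes:
        raise ImageTooLarge(
            "image needs %d bytes, limit is %d" % (needed, max_disk_bytes))
    return virtual


def make_sample_header(virtual_size, version=2, cluster_bits=16):
    """Constructed sample: header of an image with no backing file."""
    return HEADER.pack(QCOW2_MAGIC, version, 0, 0, cluster_bits, virtual_size)
```

In practice the first 32 bytes of the downloaded image would be passed as `header_bytes`, and the check would run before any conversion to raw format.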
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenStack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://lists.openstack.org/pipermail/openstack-announce/
https://bugs.launchpad.net/nova/+bug/1206081
http://www.openwall.com/lists/oss-security/2013/10/31/3
https://bugzilla.redhat.com/attachment.cgi?id=816275
https://bugzilla.redhat.com/attachment.cgi?id=816276
https://bugzilla.redhat.com/attachment.cgi?id=816277