OpenStack Nova Denial of Service Vulnerability (CVE-2014-3708)
Release date:
Updated on:
Affected Systems:
Openstack Nova
Description:
Bugtraq id: 70777
CVE (CAN) ID: CVE-2014-3708
OpenStack Compute (Nova) is a cloud computing constructor written in Python and is part of the laaS system.
OpenStack Nova API has a Denial-of-Service vulnerability. By listing active servers using IP filters, attackers can overload the process of the nova-network or neutron-server, resulting in DOS. All Nova settings are affected.
<* Source: Hammed Naser
Link: http://www.openwall.com/lists/oss-security/2014/10/28/3
*>
Suggestion:
Vendor patch:
Openstack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Kilo (development branch) fix:
Https://review.openstack.org/131460
Juno fix:
Https://review.openstack.org/131462
Icehouse fix:
Https://review.openstack.org/131461
This article permanently updates the link address: