CVE-2013-1838

Severity

40%

Complexity

80%

Confidentiality

48%

Per http://www.ubuntu.com/usn/usn-1771-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10"

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

Per http://www.ubuntu.com/usn/usn-1771-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10"

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).

Overview

First reported 11 years ago

2013-03-22 21:55:00

Last updated 7 years ago

2017-08-29 01:33:00

Affected Software

OpenStack Compute (Essex) 2012.1

2012.1

OpenStack Folsom 2012.2

2012.2

Canonical Ubuntu Linux 11.10

11.10

Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)

12.04

Canonical Ubuntu Linux 12.10

12.10

References

91303

RHSA-2013:0709

52580

Vendor Advisory

52728

Vendor Advisory

USN-1771-1

[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)

58492

https://bugs.launchpad.net/nova/+bug/1125468

https://bugzilla.redhat.com/show_bug.cgi?id=919648

nova-fixedips-dos(82877)

[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)

https://review.openstack.org/#/c/24451/

https://review.openstack.org/#/c/24452/

https://review.openstack.org/#/c/24453/

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.