Thierry

**Name of the Vulnerable Software and Affected Versions** OpenStack Keystone versions Essex 2012.1.3 and earlier OpenStack Keystone versions Folsom 2012.2.3 and earlier OpenStack Keystone versions Grizzly grizzly-2 and earlier **Description** The issue allows remote attackers to cause a denial of service, specifically disk consumption, by sending many invalid token requests. This triggers the excessive generation of log entries. **Recommendations** For OpenStack Keystone versions Essex 2012.1.3 and earlier, update to a version later than 2012.1.3 to resolve the issue. For OpenStack Keystone versions Folsom 2012.2.3 and earlier, update to a version later than 2012.2.3 to resolve the issue. For OpenStack Keystone versions Grizzly grizzly-2 and earlier, update to a version later than grizzly-2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions 2012.1.x through 2012.1.1 OpenStack Compute (Nova) versions Folsom through Folsom-2 **Description** The issue allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. This problem exists due to an incomplete fix. **Recommendations** For OpenStack Compute (Nova) versions 2012.1.x through 2012.1.1, update to version 2012.1.2 or later. For OpenStack Compute (Nova) versions Folsom through Folsom-2, update to Folsom-3 or later. As a temporary workaround, consider restricting access to the `virt/disk/api.py` module to minimize the risk of exploitation.