PT-2013-5030 · Openstack+1 · Openstack Compute+2

Bernhard M. Wiedemann +1 · Published 2013-11-02 · Updated 2023-02-13 · CVE-2013-4469

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

OpenStack Compute (Nova) versions Folsom through Havana

Description

The issue allows local users to cause a denial of service (host file system disk consumption) by transferring from Glance an image that has a large virtual size but does not contain a large amount of data, when use_cow_images is set to False. This occurs because the virtual size of a QCOW2 image is not verified.

Recommendations

For OpenStack Compute (Nova) versions Folsom through Havana, as a temporary workaround, consider setting use_cow_images to True to mitigate the risk of exploitation. Restrict access to transferring images from Glance to minimize the risk of host file system disk consumption.
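
The missing verification described above can be illustrated by reading the virtual size declared in the QCOW2 header and comparing it with a disk limit before the image is expanded on the host. This is an added example, not Nova's code or its fix; the function names, the `max_gb` limit parameter and the sample header are assumptions constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
GIB = 1024 ** 3


def qcow2_virtual_size(header: bytes) -> int:
    """Return the virtual disk size (bytes) declared in a QCOW2 header.

    Header layout (big-endian): magic at offset 0, version at 4,
    backing_file_offset at 8, backing_file_size at 16, cluster_bits at 20,
    virtual size (uint64) at offset 24.
    """
    if len(header) < 32:
        raise ValueError("truncated QCOW2 header")
    magic, version = struct.unpack_from(">4sI", header, 0)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a QCOW2 image")
    if version not in (2, 3):
        raise ValueError("unsupported QCOW2 version %d" % version)
    (size,) = struct.unpack_from(">Q", header, 24)
    return size


def check_image(header: bytes, file_size: int, max_gb: int) -> dict:
    """Compare the declared virtual size with a limit (max_gb is hypothetical).

    A small file with a huge virtual size is the case from the description:
    cheap to transfer, but it can fill the host disk once expanded.
    """
    virtual = qcow2_virtual_size(header)
    return {
        "file_size": file_size,
        "virtual_size": virtual,
        "allowed": virtual <= max_gb * GIB,
    }


def sample_header(virtual_size: int) -> bytes:
    """Build a constructed 32-byte QCOW2 v3 header prefix for testing."""
    return struct.pack(">4sIQIIQ", QCOW2_MAGIC, 3, 0, 0, 16, virtual_size)


if __name__ == "__main__":
    # Constructed sample: a 200 KiB file that declares a 1 TiB disk.
    print(check_image(sample_header(1024 * GIB), 200 * 1024, max_gb=20))
```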

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2013-4469
GHSA-2W87-5QCJ-J6GX
USN-2247-1

Affected Products

Glance
Openstack Compute
Ubuntu