exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2013-4261

Status Candidate

Overview

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.

Related Files

Ubuntu Security Notice USN-2000-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2000-1 - It was discovered that Nova did not properly enforce the is_public property when determining flavor access. An authenticated attacker could exploit this to obtain sensitive information in private flavors. This issue only affected Ubuntu 12.10 and 13.10. Grant Murphy discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4179, CVE-2013-4185, CVE-2013-4261, CVE-2013-2256, CVE-2013-4179, CVE-2013-4185, CVE-2013-4261, CVE-2013-4278
SHA-256 | eb4e594341e0a8e657da13d029ba42e404cf5d54c108b6fc6051975c9ea0508f
Red Hat Security Advisory 2013-1199-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1199-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released via RHSA-2013:0657, did not fully correct the issues in the Extensible Markup Language parser used by Nova. A remote attacker could use this flaw to send a specially-crafted request to a Nova API, causing Nova to consume an excessive amount of CPU and memory, or possibly crash.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-2256, CVE-2013-4179, CVE-2013-4185, CVE-2013-4261
SHA-256 | 48bd532988ffc4e333703861c5d49cbda2575ccba826e960fdadcb6c3ddb00a0
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close