CVE-2013-1838 - OpenCVE

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openstack	Grizzly Essex Folsom
Canonical	Ubuntu Linux

Configuration 1 [-]

OR	cpe:2.3:a:openstack:essex:2012.1:::::::*
	cpe:2.3:a:openstack:folsom:2012.2:::::::*
	cpe:2.3:a:openstack:grizzly:2012.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*

References

Link	Resource
http://osvdb.org/91303
http://rhn.redhat.com/errata/RHSA-2013-0709.html
http://secunia.com/advisories/52580	Vendor Advisory
http://secunia.com/advisories/52728	Vendor Advisory
http://ubuntu.com/usn/usn-1771-1
http://www.openwall.com/lists/oss-security/2013/03/14/18
http://www.securityfocus.com/bid/58492
https://bugs.launchpad.net/nova/+bug/1125468
https://bugzilla.redhat.com/show_bug.cgi?id=919648
https://exchange.xforce.ibmcloud.com/vulnerabilities/82877
https://lists.launchpad.net/openstack/msg21892.html
https://review.openstack.org/#/c/24451/
https://review.openstack.org/#/c/24452/
https://review.openstack.org/#/c/24453/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-22T21:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1838

JSON object: View

NVD Information

Status : Modified

Published: 2013-03-22T21:55:01.453

Modified: 2017-08-29T01:33:11.497

Link: CVE-2013-1838

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.launchpad.net/openstack/msg21892.html"}, {"name": "58492", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/58492"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/nova/+bug/1125468"}, {"name": "USN-1771-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1771-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://review.openstack.org/#/c/24453/"}, {"name": "52728", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52728"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"}, {"name": "52580", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52580"}, {"name": "91303", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/91303"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://review.openstack.org/#/c/24452/"}, {"name": "nova-fixedips-dos(82877)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"}, {"name": "RHSA-2013:0709", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://review.openstack.org/#/c/24451/"}, {"name": "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1838", "datePublished": "2013-03-22T21:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", "matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*", "matchCriteriaId": "C1D5C8DE-FC66-4787-A65B-CA921881DF67", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function."}, {"lang": "es", "value": "OpenStack Compute (Nova) Grizzly, Folsom (versi\u00f3n 2012.2) y Essex (versi\u00f3n 2012.1) no implementan apropiadamente una cuota para direcciones IP fijas, lo que permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (agotamiento de recursos y fallo para crear nuevas instancias) por medio de un gran n\u00famero de llamadas a la funci\u00f3n addFixedIp."}], "evaluatorImpact": "Per http://www.ubuntu.com/usn/usn-1771-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\"", "id": "CVE-2013-1838", "lastModified": "2017-08-29T01:33:11.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-22T21:55:01.453", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/91303"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52580"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52728"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1771-1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/58492"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/nova/+bug/1125468"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"}, {"source": "secalert@redhat.com", "url": "https://lists.launchpad.net/openstack/msg21892.html"}, {"source": "secalert@redhat.com", "url": "https://review.openstack.org/#/c/24451/"}, {"source": "secalert@redhat.com", "url": "https://review.openstack.org/#/c/24452/"}, {"source": "secalert@redhat.com", "url": "https://review.openstack.org/#/c/24453/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}