CVE-2013-4469 - OpenCVE

OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openstack	Grizzly Havana Folsom

Configuration 1 [-]

OR	cpe:2.3:a:openstack:folsom:-:::::::*
	cpe:2.3:a:openstack:grizzly:-:::::::*
	cpe:2.3:a:openstack:havana:-:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2013/10/31/3	Patch
http://www.ubuntu.com/usn/USN-2247-1
https://bugs.launchpad.net/nova/+bug/1206081	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-11-02T18:00:00

Updated: 2014-06-19T14:57:00

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4469

JSON object: View

NVD Information

Status : Modified

Published: 2013-11-02T18:55:03.237

Modified: 2023-11-07T02:16:18.980

Link: CVE-2013-4469

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*", "matchCriteriaId": "A83ED744-9E3D-4510-B3E6-6DDE1090F0B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*", "matchCriteriaId": "77522028-683C-4708-AF46-50B49A0A2D15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096."}, {"lang": "es", "value": "OpenStack Compute (Nova) Folsom, Grizzly, y Habana, cuando use_cow_images se establece como False, no verifica el tama\u00f1o virtual de una imagen qcow2, que permite a usuarios locales provocar una denegaci\u00f3n de servicio (consumo de disco del sistema de archivos host) mediante la transferencia de una imagen con un tama\u00f1o virtual grande que no contiene una gran cantidad de datos desde Glance. NOTA: este problema se debe a una correcci\u00f3n incompleta de CVE-2013-2096."}], "id": "CVE-2013-4469", "lastModified": "2023-11-07T02:16:18.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-11-02T18:55:03.237", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/10/31/3"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2247-1"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/nova/+bug/1206081"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}