CVE-2012-2101 - OpenCVE

Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openstack	Nova

Configuration 1 [-]

OR	cpe:2.3:a:openstack:nova:2011.3:::::::*
	cpe:2.3:a:openstack:nova:2012.1:::::::*
	cpe:2.3:a:openstack:nova:folsom:::::::*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html
http://secunia.com/advisories/49034
http://secunia.com/advisories/49048
http://ubuntu.com/usn/usn-1438-1
http://www.osvdb.org/81641
https://bugs.launchpad.net/nova/+bug/969545
https://exchange.xforce.ibmcloud.com/vulnerabilities/75243
https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7
https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb
https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64
https://lists.launchpad.net/openstack/msg10268.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-07T19:00:00

Updated: 2024-08-06T19:26:08.143Z

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2101

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-06-07T19:55:08.290

Modified: 2017-08-29T01:31:30.243

Link: CVE-2012-2101

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7"}, {"name": "81641", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/81641"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb"}, {"name": "USN-1438-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1438-1"}, {"name": "[openstack] 20120419 [OSSA 2012-005] No quota enforced on security group rules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.launchpad.net/openstack/msg10268.html"}, {"name": "nova-quotas-dos(75243)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75243"}, {"name": "FEDORA-2012-6365", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64"}, {"name": "FEDORA-2012-6273", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html"}, {"name": "49048", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49048"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/nova/+bug/969545"}, {"name": "49034", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49034"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:08.143Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7"}, {"name": "81641", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/81641"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb"}, {"name": "USN-1438-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-1438-1"}, {"name": "[openstack] 20120419 [OSSA 2012-005] No quota enforced on security group rules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.launchpad.net/openstack/msg10268.html"}, {"name": "nova-quotas-dos(75243)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75243"}, {"name": "FEDORA-2012-6365", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64"}, {"name": "FEDORA-2012-6273", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html"}, {"name": "49048", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49048"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/nova/+bug/969545"}, {"name": "49034", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49034"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2101", "datePublished": "2012-06-07T19:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.143Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:nova:2011.3:*:*:*:*:*:*:*", "matchCriteriaId": "91787837-B00F-4C62-BCCD-FAAE65563E78", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:2012.1:*:*:*:*:*:*:*", "matchCriteriaId": "3340EB75-EC5E-431E-87F8-06F967961375", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:nova:folsom:*:*:*:*:*:*:*", "matchCriteriaId": "37F07ACC-585B-4890-8447-04F24A45F054", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules."}, {"lang": "es", "value": "Openstack Compute (Nova) Folsom v2012.1 y v2011.3 no limitan el n\u00famero de reglas de seguridad del grupo, lo que permite causar una denegaci\u00f3n de servicio (excesivo consumo de CPU y de disco duro) a usuarios remotos autenticados con determinados permisos a trav\u00e9s de una solicitud de red que provoca una gran n\u00famero de reglas de iptables."}], "id": "CVE-2012-2101", "lastModified": "2017-08-29T01:31:30.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-07T19:55:08.290", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49034"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49048"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1438-1"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/81641"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/nova/+bug/969545"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75243"}, {"source": "secalert@redhat.com", "url": "https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7"}, {"source": "secalert@redhat.com", "url": "https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb"}, {"source": "secalert@redhat.com", "url": "https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64"}, {"source": "secalert@redhat.com", "url": "https://lists.launchpad.net/openstack/msg10268.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}