CVE-2012-3371 - Vulnerability Details - OpenCVE

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00881.

Key SSVC decision points have not yet been added.

Vendors	Products
Openstack	Compute Essex Folsom

Configuration 1 [-]

OR	cpe:2.3:a:openstack:compute:2012.2:::::::*
	cpe:2.3:a:openstack:essex:2012.1:::::::*
	cpe:2.3:a:openstack:folsom:2012.2:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2012-0023	The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
Github GHSA	GHSA-xxgm-qpj5-4886	OpenStack Nova Scheduler denial of service through scheduler_hints
Ubuntu USN	USN-1501-1	Nova vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2012/07/11/13
http://www.securityfocus.com/bid/54388
http://www.ubuntu.com/usn/USN-1501-1
https://bugs.launchpad.net/nova/+bug/1017795
https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
https://lists.launchpad.net/openstack/msg14452.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-17T21:00:00

Updated: 2024-08-06T20:05:12.113Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3371

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-07-17T21:55:02.350

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-3371

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-25T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "54388", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/54388"}, {"name": "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.launchpad.net/openstack/msg14452.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/nova/+bug/1017795"}, {"name": "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/07/11/13"}, {"name": "USN-1501-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1501-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.113Z"}, "title": "CVE Program Container", "references": [{"name": "54388", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/54388"}, {"name": "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.launchpad.net/openstack/msg14452.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/nova/+bug/1017795"}, {"name": "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/07/11/13"}, {"name": "USN-1501-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1501-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3371", "datePublished": "2012-07-17T21:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.113Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*", "matchCriteriaId": "0E9D8029-F7DD-435D-B4F4-D3DABDB7333B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", "matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section."}, {"lang": "es", "value": "El planificador Nova en OpenStack Compute (Nova) Folsom (2012.2) y Essex (2012.1), cuando DifferentHostFilter o SameHostFilter est\u00e1n activados, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (exceso de llamadas de b\u00fasqueda de base de datos y el servidor se bloquea) a trav\u00e9s de una solicitud con muchos identificadores repetidos en el sistema operativo: Secci\u00f3n scheduler_hints."}], "id": "CVE-2012-3371", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-17T21:55:02.350", "references": [{"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/11/13"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/54388"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1501-1"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/nova/+bug/1017795"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"}, {"source": "secalert@redhat.com", "url": "https://lists.launchpad.net/openstack/msg14452.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/07/11/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54388"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1501-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/nova/+bug/1017795"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.launchpad.net/openstack/msg14452.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}