OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | nova | < 2013.2-1 | nova_2013.2-1_all.deb |
Debian | 11 | all | nova | < 2013.2-1 | nova_2013.2-1_all.deb |
Debian | 10 | all | nova | < 2013.2-1 | nova_2013.2-1_all.deb |
Debian | 999 | all | nova | < 2013.2-1 | nova_2013.2-1_all.deb |