Lucene search
UbuntuUSN-1501-1HistoryJul 11, 2012 - 12:00 a.m.
Nova vulnerability
2012-07-1100:00:00
ubuntu.com
31
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
AI Score
6.1
Confidence
Low
EPSS
0.007
Percentile
80.4%
Releases
- Ubuntu 12.04
Packages
- nova - OpenStack Compute cloud infrastructure
Details
Dan Prince discovered that the Nova scheduler, when using
DifferentHostFilter or SameHostFilter, would make repeated database
instance lookup calls based on passed scheduler hints. An authenticated
attacker could use this to cause a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 12.04 | noarch | python-nova | < 2012.1+stable~20120612-3ee026e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-ajax-console-proxy | < 2012.1+stable~20120612-3ee026e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-api | < 2012.1+stable~20120612-3ee026e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-api-ec2 | < 2012.1+stable~20120612-3ee026e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-api-metadata | < 2012.1+stable~20120612-3ee026e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-api-os-compute | < 2012.1+stable~20120612-3ee026e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-api-os-volume | < 2012.1+stable~20120612-3ee026e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-cert | < 2012.1+stable~20120612-3ee026e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-common | < 2012.1+stable~20120612-3ee026e-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-compute | < 2012.1+stable~20120612-3ee026e-0ubuntu1.2 | UNKNOWN |
References
Related
nvd
nvd
CVE-2012-3371
2012-07-17 21:55:02
github
github
OpenStack Nova Scheduler denial of service through scheduler_hints
2022-05-17 05:25:08
nessus
nessus
Fedora 17 : openstack-nova-2012.1.1-4.fc17 (2012-10939)
2012-07-30 00:00:00
Ubuntu 12.04 LTS : nova vulnerability (USN-1501-1)
2012-07-12 00:00:00
prion
prion
Design/Logic Flaw
2012-07-17 21:55:00
debiancve
debiancve
CVE-2012-3371
2012-07-17 21:55:02
cvelist
cvelist
CVE-2012-3371
2012-07-17 21:00:00
cve
cve
CVE-2012-3371
2012-07-17 21:55:02
openvas
openvas
Ubuntu Update for nova USN-1501-1
2012-07-16 00:00:00
Ubuntu: Security Advisory (USN-1501-1)
2012-07-16 00:00:00
Fedora Update for openstack-nova FEDORA-2012-10939
2012-08-30 00:00:00
ubuntucve
ubuntucve
CVE-2012-3371
2012-07-11 00:00:00
osv
osv
OpenStack Nova Scheduler denial of service through scheduler_hints
2022-05-17 05:25:08
fedora
fedora
[SECURITY] Fedora 17 Update: openstack-nova-2012.1.1-4.fc17
2012-07-29 00:53:08
[SECURITY] Fedora 17 Update: openstack-nova-2012.1.1-15.fc17
2012-08-21 09:53:13
[SECURITY] Fedora 17 Update: openstack-nova-2012.1.3-3.fc17
2013-02-10 04:43:56
securityvulns
securityvulns
Nova security vulnerabilities
2012-08-27 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
AI Score
6.1
Confidence
Low
EPSS
0.007
Percentile
80.4%
Related for USN-1501-1