Dan Prince discovered that Nova did not properly perform input validation on
the length of server names. An authenticated attacker could issue requests
using long server names to exhaust the storage resources containing the Nova
API log file.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 11.10 | noarch | python-nova | <Â 2011.3-0ubuntu6.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-ajax-console-proxy | <Â 2011.3-0ubuntu6.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-api | <Â 2011.3-0ubuntu6.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-common | <Â 2011.3-0ubuntu6.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-compute | <Â 2011.3-0ubuntu6.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-compute-kvm | <Â 2011.3-0ubuntu6.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-compute-lxc | <Â 2011.3-0ubuntu6.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-compute-uml | <Â 2011.3-0ubuntu6.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-compute-xen | <Â 2011.3-0ubuntu6.5 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-doc | <Â 2011.3-0ubuntu6.5 | UNKNOWN |