CVE-2013-4185

2013-08-0700:00:00

ubuntu.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

55.2%

JSON

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before
2013.1.3 and Havana before havana-3 does not properly handle network source
security group policy updates, which allows remote authenticated users to
cause a denial of service (nova-network consumption) via a large number of
server-creation operations, which triggers a large number of update
requests.

Bugs

Notes

Author	Note
jdstrand	Ubuntu 13.04 has fix in raring-updates

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchnova< 2012.1.3+stable-20130423-e52e6912-0ubuntu1.2UNKNOWN
ubuntu12.10noarchnova< 2012.2.4-0ubuntu3.1UNKNOWN
ubuntu13.04noarchnova< 1:2013.1.3-0ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	nova	< 2012.1.3+stable-20130423-e52e6912-0ubuntu1.2	UNKNOWN
ubuntu	12.10	noarch	nova	< 2012.2.4-0ubuntu3.1	UNKNOWN
ubuntu	13.04	noarch	nova	< 1:2013.1.3-0ubuntu1.1	UNKNOWN