Published: 17/07/2012 Updated: 24/08/2012

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack compute 2012.2
openstack essex 2012.1
openstack folsom 2012.2

Nova could be made to not respond if passed specially crafted input ...

Debian Bug report logs - #681301 CVE-2012-3371 Package: nova; Maintainer for nova is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Thu, 12 Jul 2012 08:21:02 UTC Severity: grave Tags: security Fixed in version nova/201211-5 Done: Ghe Rivero ...

CWE-20 http://www.openwall.com/lists/oss-security/2012/07/11/13 https://bugs.launchpad.net/nova/+bug/1017795 http://www.ubuntu.com/usn/USN-1501-1 https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d https://lists.launchpad.net/openstack/msg14452.html http://www.securityfocus.com/bid/54388 https://usn.ubuntu.com/1501-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-3371

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect