oss-sec mailing list archives

[OSSA 2013-024] Resource limit circumvention in Nova private flavors (CVE-2013-4278)


From: Thierry Carrez <thierry () openstack org>
Date: Wed, 28 Aug 2013 10:11:45 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenStack Security Advisory: 2013-024
CVE: CVE-2013-4278
Date: August 28, 2013
Title: Resource limit circumvention in Nova private flavors
Reporter: Ken'ichi Ohmichi (NEC)
Products: Nova
Affects: All versions

Description:
Ken'ichi Ohmichi from NEC reported that the fix for OSSA 2013-019
(CVE-2013-2256) was incomplete. Any tenant was still able to boot any
other tenant's private flavors by guessing a flavor ID. This potentially
allowed circumvention of any resource limits enforced through the
os-flavor-access:is_public property.

Havana (development branch) fix:
https://review.openstack.org/#/c/42922/

Grizzly fix:
https://review.openstack.org/#/c/43281/

Folsom fix:
https://review.openstack.org/#/c/43296/

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278
https://bugs.launchpad.net/nova/+bug/1212179

Regards,

- -- 
Thierry Carrez
OpenStack Vulnerability Management Team
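
The flaw class described in the advisory, as an added example that is not part of the original message and is not Nova's code: a simplified model in which a flavor lookup keyed on the ID alone is compared with a lookup that also checks the tenant against the private flavor's access list, plus an audit pass over boot records. The tenant names, flavor IDs, instance IDs, function names and the choice to return "not found" for unauthorized private flavors are all assumptions made for illustration.

```python
from dataclasses import dataclass


class FlavorNotFound(Exception):
    """Raised for unknown IDs and for private flavors the caller may not use."""


@dataclass(frozen=True)
class Flavor:
    flavor_id: str
    memory_mb: int
    is_public: bool = True                    # models os-flavor-access:is_public
    allowed_tenants: frozenset = frozenset()  # access list of a private flavor


# Constructed sample data (hypothetical tenants, flavor IDs and instances).
FLAVORS = {f.flavor_id: f for f in (
    Flavor("1", 512),
    Flavor("42", 65536, is_public=False, allowed_tenants=frozenset({"tenant-a"})),
)}
SAMPLE_BOOTS = [("inst-1", "tenant-a", "42"),
                ("inst-2", "tenant-b", "1"),
                ("inst-3", "tenant-b", "42")]


def lookup_by_id_only(flavor_id):
    """Flawed pattern: the flavor ID alone decides what the caller gets."""
    try:
        return FLAVORS[flavor_id]
    except KeyError:
        raise FlavorNotFound(flavor_id) from None


def lookup_for_boot(tenant_id, flavor_id):
    """Checked pattern: a private flavor resolves only for tenants on its access list."""
    flavor = lookup_by_id_only(flavor_id)
    if flavor.is_public or tenant_id in flavor.allowed_tenants:
        return flavor
    # Same error as an unknown ID, so the response does not confirm a guess.
    raise FlavorNotFound(flavor_id)


def audit_boots(records):
    """Return boot records whose flavor the tenant was not entitled to use."""
    violations = []
    for instance_id, tenant_id, flavor_id in records:
        try:
            lookup_for_boot(tenant_id, flavor_id)
        except FlavorNotFound:
            violations.append((instance_id, tenant_id, flavor_id))
    return violations
```

Running audit_boots over existing instance records is one way to look for instances that were booted with a private flavor before the fix was applied.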

