oss-sec mailing list archives
CVE request for vulnerability in OpenStack Glance
From: Tristan Cacqueray <tristan.cacqueray () enovance com>
Date: Tue, 19 Aug 2014 10:43:23 -0400
A vulnerability was discovered in OpenStack (see below). In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Glance store DoS through disk space exhaustion Reporter: Thomas Leaman (HP), Stuart McLaren (HP) Products: Glance Versions: up to 2013.2.3 and 2014.1 to 2014.1.1 Description: Thomas Leaman and Stuart McLaren from Hewlett Packard reported a vulnerability in Glance. By uploading a large enough image to a Glance store, an authenticated user may fill the store space because the image_size_cap configuration option is not honored. This may prevent further image upload and/or cause service disruption. Note that the import method is not affected. All Glance setups using API v2 are affected (unless you use a policy to restrict/disable image upload). References: https://launchpad.net/bugs/1315321 Thanks in advance, -- Tristan Cacqueray OpenStack Vulnerability Management Team
Attachment:
signature.asc
Description:
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Aug 19)
- Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Aug 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Aug 19)
- Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Aug 19)