oss-sec mailing list archives

[OSSA 2016-003] Heat denial of service through template-validate (CVE-2015-5295)

From: Tristan Cacqueray <tdecacqu () redhat com>
Date: Tue, 19 Jan 2016 17:00:13 +0000

===============================================================
OSSA-2016-003: Heat denial of service through template-validate
===============================================================

:Date: January 19, 2016
:CVE: CVE-2015-5295


Affects
~~~~~~~
- Heat: <=2015.1.2, ==5.0.0


Description
~~~~~~~~~~~
Steven Hardy from Red Hat reported a vulnerability in Heat template
validation. By referencing a local file like /dev/zero, an
authenticated user may trick the heat engine service to load arbitrary
local file content resulting in a Denial of Service attack through
memory exhaustion. Note that the file content is not written back to
the user, though the user can determine if a file exists and if it is
readable by heat-engine. All Heat setups are affected.


Patches
~~~~~~~
- https://review.openstack.org/269692 (Kilo)
- https://review.openstack.org/269691 (Liberty)
- https://review.openstack.org/269689 (Mitaka)


Credits
~~~~~~~
- Steven Hardy from Red Hat (CVE-2015-5295)


References
~~~~~~~~~~
- https://bugs.launchpad.net/bugs/1496277
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5295


Notes
~~~~~
- This fix will be included in future 2015.1.3 (kilo) and 5.0.1
  (liberty) releases.

--
Tristan Cacqueray
OpenStack Vulnerability Management Team

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

[OSSA 2016-003] Heat denial of service through template-validate (CVE-2015-5295) Tristan Cacqueray (Jan 19)