MEDIUM

GHSA-pjvw-p2v5-wf6q

OpenStack Nova Long server names grow nova-api log files significantly

Details

OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / nova

Introduced in: 0 Fixed in: 12.0.0a0

Fix pip install --upgrade 'nova>=12.0.0a0'

References

https://nvd.nist.gov/vuln/detail/CVE-2012-1585 [ADVISORY]
https://bugs.launchpad.net/nova/+bug/962515 [WEB]
https://github.com/openstack/nova [PACKAGE]
http://github.com/openstack/nova/commit/0fa7d12dbfb7ae016657dd91034b4c0781ea43de [WEB]
http://github.com/openstack/nova/commit/1ebec5726c7a9db0a6f29fad0ef747b0c087f702 [WEB]
http://github.com/openstack/nova/commit/c7f526fae6062e9ab51f65474af71d496aa66554 [WEB]
http://github.com/openstack/nova/commit/c869a41951b77c6930bf4fb4734f05cd3d6ac4b1 [WEB]
http://lwn.net/Alerts/491298 [WEB]
http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html [WEB]