CVE-2012-2101
OpenStack Compute (Nova) denial of service via a network request that triggers a large number of iptables rules
EPSS 0.89%
Description
OpenStack Compute (Nova) Folsom, 2012.1, and 2011.3 do not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.
How to fix CVE-2012-2101
To remediate CVE-2012-2101, upgrade the affected package to one of the fixed versions listed below.
- Debian/nova—upgrade to 2012.1-2 or later
- —upgrade to 12.0.0a0 or later
- —upgrade to 8c8735a73afb16d5856f0aa6088e9ae406c52beb or later
Is CVE-2012-2101 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2012.1-2
- from 0, < 12.0.0a0
- from 0, < 8c8735a73afb16d5856f0aa6088e9ae406c52beb, < a67db4586f70ed881d65e80035b2a25be195ce64, < 1f644d210557b1254f7c7b39424b09a45329ade7 | from 0