IBM Security Bulletin: Potential Nova denial of service through compressed disk images (CVE-2013-4463, CVE-2013-4469)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirttivoli psirtmedium
0 Comments | 606 Visits
By using malicious compressed qcow2 disk images, an authenticated user may consume large amounts of disk space for each image, potentially resulting in a Denial of Service attack on Nova compute nodes (CVE-2013-4463). Moreover, in the non-default case where use_cow_images=False, and malicious qcow images are being transferred from Glance an authenticated user could still consume large amounts of disk space for each instance using the malicious image, potentially also resulting in a Denial of Service attack on Nova compute nodes (CVE-2013-4469).
IBM SmartCloud Orchestrator 2.2 and 2.3