Launchpad CVE tracker

CVE 2012-1585

OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.

Related bugs and status

CVE-2012-1585 (Candidate) is related to these bugs:

Bug #861459: /etc/nova/nova-compute.conf not owned by nova

Summary				In	Importance	Status
	861459	/etc/nova/nova-compute.conf not owned by nova		nova (Ubuntu)	Low	Fix Released

Bug #942646: No logrotate files for nova-manage and nova-dhcbridge

Summary				In	Importance	Status
	942646	No logrotate files for nova-manage and nova-dhcbridge		nova (Ubuntu)	Medium	Fix Released

Bug #962515: PUT/POST of large server name's can increase nova API log file size massively

Summary				In	Importance	Status
	962515	PUT/POST of large server name's can increase nova API log file size massively		OpenStack Compute (nova)	High	Fix Released
	962515	PUT/POST of large server name's can increase nova API log file size massively		OpenStack Compute (nova) diablo	High	Fix Released

Bug #965356: unnecessary dep: nova-api -> nova-cert

Summary				In	Importance	Status
	965356	unnecessary dep: nova-api -> nova-cert		nova (Ubuntu)	Undecided	Fix Released

Bug #968411: [Precise] nova is vulnerable to CVE-2012-1585

Summary				In	Importance	Status
	968411	[Precise] nova is vulnerable to CVE-2012-1585		nova (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-1585

References