CVE-2013-0270: Buffer Overflow
First published: Fri Feb 08 2013(Updated: )
Dan Prince (dprince) reports: When long tenant_name is sent few times when requesting token, responsiveness of service decreases until finally it requests ends with MemoryError. keystoneclient.exceptions.AuthorizationFailure: Authorization Failed: Unable to communicate with identity service: Traceback ... MemoryError Includes whole traceback. Memory on keystone host is used up keystone-all process. Also during processing of the request CPU utilization raises for a long time (when and after the first MemoryError state was reached) - like for more than 10 seconds keystone-all can take whole cpu. Version-Release number of selected component (if applicable): Name : openstack-keystone Arch : noarch Version : 2012.2.1 Release : 3.el6ost How reproducible: Use something similiar to following python example few times (5 times with "len(tenant) == 195000000" for keystone host inside VM with 4GB of RAM) Actual results: For first few tries service correctly responds with: (HTTP 400): Authorization Failed: Request attribute tenantName must be less than or equal to 64. The server could not comply with the request because the attribute size is invalid (too large). The client is assumed to be in error. Later with: (HTTP 500): Authorization Failed: Unable to communicate with identity service: Traceback (most recent call last): ... whole backtrace here MemoryError Most memory of keystone host is used by keystone-all process. Expected results: The first 400 error mentioning that attribute is too big for all request (not only first few). And not such a big impact on memory of host. Additional info: Similiar to <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=906178">bug #906178</a> and so also to related upstream bug <a href="https://bugs.launchpad.net/keystone/+bug/1098307">https://bugs.launchpad.net/keystone/+bug/1098307</a> where they mentioned preparation of general check/defense for too big requests.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/keystone | <8.0.0a0 | 8.0.0a0 |
| OpenStack keystonemiddleware | >=2012.1<=2012.1.3 | |
| OpenStack keystonemiddleware | >=2012.2<=2012.2.4 | |
| OpenStack keystonemiddleware | =2013.1-milestone1 | |
| OpenStack keystonemiddleware | =2013.1-milestone2 | |
| OpenStack keystonemiddleware | =2013.1-milestone3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=906178
- https://bugs.launchpad.net/keystone/+bug/1098307
- https://bugs.launchpad.net/keystone/+bug/1099025
- https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
- https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=909012#c4
- https://github.com/openstack/keystone/commit/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=909012#c3
- https://review.openstack.org/#/c/22661/
- https://rhn.redhat.com/errata/RHSA-2013-0708.html
- https://bugzilla.redhat.com/show_bug.cgi?id=909012
- http://rhn.redhat.com/errata/RHSA-2013-0708.html
- https://launchpad.net/keystone/grizzly/2013.1
- https://nvd.nist.gov/vuln/detail/CVE-2013-0270
- https://github.com/advisories/GHSA-4ppj-4p4v-jf4p (Advisory)
Frequently Asked Questions
What is the severity of CVE-2013-0270?
CVE-2013-0270 is considered to have a moderate severity due to its potential impact on service responsiveness.
How do I fix CVE-2013-0270?
To mitigate CVE-2013-0270, upgrade to keystone version 8.0.0a0 or later via pip.
Which versions of OpenStack Keystone are affected by CVE-2013-0270?
CVE-2013-0270 affects OpenStack Keystone versions prior to 2012.1.3 and between 2012.2.0 and 2012.2.4, as well as versions 2013.1-milestone1, 2013.1-milestone2, and 2013.1-milestone3.
What type of attack does CVE-2013-0270 represent?
CVE-2013-0270 represents a denial-of-service attack that can lead to service unresponsiveness due to memory exhaustion.
Who reported the vulnerability CVE-2013-0270?
The vulnerability CVE-2013-0270 was reported by Dan Prince.
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-4ppj-4p4v-jf4p
- alias/CVE-2013-0270
- agent/software-canonical-lookup
- agent/weakness
- agent/remedy
- agent/severity
- agent/references
- agent/description
- agent/author
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/pip
- vendor/openstack
- canonical/openstack keystonemiddleware
- version/openstack keystonemiddleware/2012.1
- version/openstack keystonemiddleware/2012.1.3
- version/openstack keystonemiddleware/2012.2
- version/openstack keystonemiddleware/2012.2.4
- version/openstack keystonemiddleware/2013.1-milestone1
- version/openstack keystonemiddleware/2013.1-milestone2
- version/openstack keystonemiddleware/2013.1-milestone3