Comment 27 for bug 1496277
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: template-validate may read server local files | #27 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Good catch :-)
Title: Heat denial of service through template-validate
Reporter: Steven Hardy (Red Hat)
Products: Heat, python-heatclient
Affects: <=2014.2.3, >=2015.1.0, <=2015.1.2
Description:
Steven Hardy from Red Hat reported a vulnerability in Heat template validation. By referencing a local file like /dev/zero, an authenticated user may trick the heatclient and/or the heat engine service to load arbritrary local file content resulting in a Denial of Service attack through memory exhaustion. Note that the file content is not written back to the user, though the user can determine if a file exists and if it is readable by heat-engine. All Heat setups are affected.