Comment 26 for bug 1196932

John Dickinson (notmyname) wrote : Re: Possibly DoS attack using object tombstones

@Peter, please compare your work against that which Mike proposed.

@Thierry, yes, we should roll a 1.9.1 with this patch when it lands.

I'd update the CVE description to the following (I'm sure it could be improved):

Peter Portante at Red Hat, Inc. reported a vulnerability in Swift. By issuing requests with an old X-Timestamp value, an authenticated attacker can fill an object server with superfluous object tombstones, which may significantly slow down subsequent requests to that object server, facilitating a Denial of Service attack against Swift clusters. The patch prevents this behavior by rejecting requests that would add older objects on disk.
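
The check that the proposed CVE description attributes to the patch, sketched as an added example (not part of the original comment and not Swift's own code). It is a simplified in-memory model of one object's directory; the `ObjectDir` class, the `reject_older` switch, the `replay` helper and all timestamps are constructed for illustration, and the model does no cleanup of superseded files.

```python
class ObjectDir:
    """Toy stand-in for one object's directory on an object server.

    Entries are named "<timestamp>.data" (object) or "<timestamp>.ts"
    (tombstone). Assumption: this mirrors the idea only, not Swift's code.
    """

    def __init__(self, reject_older):
        self.files = []                  # constructed directory listing
        self.reject_older = reject_older

    def newest_timestamp(self):
        # Newest timestamp among all files present, or None if empty.
        stamps = (float(name.rsplit(".", 1)[0]) for name in self.files)
        return max(stamps, default=None)

    def handle(self, method, x_timestamp):
        """Apply a PUT or DELETE. Return True if a file was written."""
        ts = float(x_timestamp)
        newest = self.newest_timestamp()
        # The mitigation: refuse to add anything older than what is on disk.
        if self.reject_older and newest is not None and ts < newest:
            return False
        ext = "data" if method == "PUT" else "ts"
        self.files.append("%016.5f.%s" % (ts, ext))
        return True

    def tombstones(self):
        return [name for name in self.files if name.endswith(".ts")]


def replay(reject_older, old_requests=100):
    """Store an object, then replay DELETEs carrying old X-Timestamp values.

    Returns the number of tombstones left in the directory.
    """
    obj = ObjectDir(reject_older)
    obj.handle("PUT", "1000.00000")      # constructed current object
    for i in range(1, old_requests + 1):
        obj.handle("DELETE", "%.5f" % i)  # constructed old timestamps 1..N
    return len(obj.tombstones())


if __name__ == "__main__":
    print("tombstones without check:", replay(False))
    print("tombstones with check:   ", replay(True))
```
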