Comment 32 for bug 1196932
Revision history for this message
| Thierry Carrez (ttx) wrote Re: Possibly DoS attack using object tombstones | #32 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
CVE descriptions talk about the vulnerability, not the patch. Proposed final wording:
-------
Title: Swift Denial of Service using superfluous object tombstones
Reporter: Peter Portante (Red Hat)
Products: Swift
Affects: All versions
Description:
Peter Portante from Red Hat reported a vulnerability in Swift. By issuing requests with an old X-Timestamp value, an authenticated attacker can fill an object server with superfluous object tombstones, which may significantly slow down subsequent requests to that object server, facilitating a Denial of Service attack against Swift clusters.
-------
I'll request the CVE once we get nearer to an acceptable patch.