[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1862050] Re: Race condition while allocating floating IPs

C1 seems appropriate as the risk is not inherent to all deployments and
there are multiple ways to prevent/mitigate where needed.

You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.

  Race condition while allocating floating IPs

Status in neutron:
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  I work as a penetration tester, in one of the last projects our team
  encountered a problem in openstack, We are not sure whether to
  consider this an openstack security vulnerability. Hope you could
  clarify things for us.

  We were testing race condition vulnerabilities on resources that have a limit per project. For example floating IP number.
  The idea is to make backend server recieve a lot of same requests at the same moment, and because the server has to proccess all of them simultaneously we could get a situation where the limits are not checked properly.

  Sending 500 requests (each in individual thread) directly to the
  Neutron API for allocation floating IPs resulted in exceeding the IP
  limit by 4 times.

  Request example:

  POST /v2.0/floatingips HTTP/1.1
  Host: ...
  X-Auth-Token: ...
  Content-Type: application/json
  Content-Length: 103

      "floatingip": {
          "floating_network_id": "..."

  Is it a known openstack behavior or is it more like a hardware

To manage notifications about this bug go to: