Bug 1080289 (CVE-2014-2573)

Summary: CVE-2014-2573 openstack-nova: Nova VMware driver leaks rescued images
Product: [Other] Security Response Reporter: Garth Mollett <gmollett>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abaron, akscram, alexander.sakhnov, aortega, apevec, apevec, ayoung, bfilippov, chrisw, davidx, d.busby, gkotton, itamar, Jan.van.Eldik, jhenner, jonathansteffan, jose.castro.leon, jrusnack, lhh, markmc, mlvov, mmagr, ndipanov, p, rbryant, rhos-maint, rk, sclewis, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-11-12 05:13:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1068698, 1108404, 1108406, 1149979    
Bug Blocks: 1080292, 1150352, 1150897    

Description Garth Mollett 2014-03-25 05:28:31 UTC 
The OpenStack Vulnerability Management Team reports:

Title: Nova VMWare driver leaks rescued images
Reporter: Jaroslav Henner (Red Hat)
Products: Nova
Versions: 2013.2 to 2013.2.2

Description:
Jaroslav Henner from Red Hat reported a vulnerability in Nova. By
requesting Nova place an image into rescue, then deleting
the image, an authenticated user my exceed their quota. This can
result in a denial of service via excessive resource consumption. Only
setups using the Nova VMWare driver are affected.
Comment 1 Garth Mollett 2014-06-02 06:45:58 UTC 
Acknowledgements:

This issue was discovered by Jaroslav Henner of Red Hat.
Comment 3 Garth Mollett 2014-06-12 00:55:35 UTC 
*** Bug 1068698 has been marked as a duplicate of this bug. ***
Comment 6 Martin Prpič 2014-10-21 08:13:53 UTC 
IssueDescription:

A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected.