Bug 893355 (CVE-2013-0168)

Summary: CVE-2013-0168 rhev-m: insufficient MoveDisk target domain permission checks
Product: [Other] Security Response
Reporter: Petr Matousek <pmatouse>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: acathrow, bazulay, cpelland, derez, iheim, jkt, lpeer, Rhev-m-bugs, security-response-team, yeylon
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=moderate,public=20130204,reported=20121210,source=redhat,cvss2=1.7/AV:L/AC:L/Au:S/C:N/I:N/A:P,rhev-m-3/ovirt-engine-backend=affected,rhev-m-2/ovirt-engine-backend=notaffected
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2013-08-24 09:48:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 885475, 893357
Bug Blocks: 893358, 905884

Description Petr Matousek 2013-01-09 03:07:06 EST
A flaw was found in the way the MoveDisk command checks permissions on the target storage domain. A privileged user (a storage admin of another storage domain) can use this flaw to conduct a denial of service attack on the target domain by exhausting the available free space.

This issue was discovered by Ondrej Machacek of Red Hat.
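The following is an added illustration of the authorization gap described above, not ovirt-engine code: a toy model in which the flawed check authorizes only the source domain, beside a hardened version that requires the StorageAdmin role on both the source and the target domain. All names (StorageDomain, User, move_disk_vulnerable, move_disk_fixed) and the sample domains and sizes are constructed for the example.

```python
# Added example: minimal model of the MoveDisk permission check (hypothetical,
# not ovirt-engine code). Role name modelled after the report's wording.
from dataclasses import dataclass

STORAGE_ADMIN = "StorageAdmin"


@dataclass
class StorageDomain:
    name: str
    free_gb: int


@dataclass
class User:
    name: str
    roles: dict  # domain name -> set of role names held on that domain


class PermissionDenied(Exception):
    pass


def is_storage_admin(user: User, domain: StorageDomain) -> bool:
    return STORAGE_ADMIN in user.roles.get(domain.name, set())


def move_disk_vulnerable(user, disk_gb, src, dst):
    """Model of the flawed check: only the source domain is authorised."""
    if not is_storage_admin(user, src):
        raise PermissionDenied(f"{user.name} cannot move disks from {src.name}")
    src.free_gb += disk_gb
    dst.free_gb -= disk_gb  # target space consumed without target authorisation


def move_disk_fixed(user, disk_gb, src, dst):
    """Hardened check: the caller must hold StorageAdmin on both domains."""
    for domain in (src, dst):
        if not is_storage_admin(user, domain):
            raise PermissionDenied(f"{user.name} lacks {STORAGE_ADMIN} on {domain.name}")
    if dst.free_gb < disk_gb:
        raise ValueError(f"not enough free space on {dst.name}")
    src.free_gb += disk_gb
    dst.free_gb -= disk_gb


def demo():
    """Admin of domain A only tries to move a disk into domain B.
    Returns (B's free space after the flawed move, outcome of the fixed check)."""
    user = User("alice", {"A": {STORAGE_ADMIN}})  # constructed sample user
    a, b = StorageDomain("A", 100), StorageDomain("B", 50)  # constructed domains
    move_disk_vulnerable(user, 40, a, b)  # succeeds: B shrinks from 50 to 10 GB
    vulnerable_free = b.free_gb
    try:
        move_disk_fixed(user, 5, a, b)
        fixed_result = "allowed"
    except PermissionDenied:
        fixed_result = "denied"
    return vulnerable_free, fixed_result  # -> (10, 'denied')
```

Repeating the flawed move with a large enough disk size drives the target's free space to zero, which is the exhaustion the report describes; the fixed variant refuses the request before any space is consumed.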
Comment 2 errata-xmlrpc 2013-02-04 18:36:35 EST
This issue has been addressed in the following products:

  RHEV Manager version 3.1

Via RHSA-2013:0211 https://rhn.redhat.com/errata/RHSA-2013-0211.html