Bug 1080289 - (CVE-2014-2573) CVE-2014-2573 openstack-nova: Nova VMware driver leaks rescued images
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20140120,repor...
: Security
Duplicates: 1068698
Depends On: 1068698 1108404 1108406 1149979
Blocks: 1080292 1150352 1150897
Reported: 2014-03-25 01:28 EDT by Garth Mollett
Modified: 2016-04-26 19:22 EDT
Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected.
Last Closed: 2014-11-12 00:13:01 EST
Description Garth Mollett 2014-03-25 01:28:31 EDT
The OpenStack Vulnerability Management Team reports:

Title: Nova VMWare driver leaks rescued images
Reporter: Jaroslav Henner (Red Hat)
Products: Nova
Versions: 2013.2 to 2013.2.2

Description:
Jaroslav Henner from Red Hat reported a vulnerability in Nova. By
requesting Nova place an image into rescue, then deleting
the image, an authenticated user may exceed their quota. This can
result in a denial of service via excessive resource consumption. Only
setups using the Nova VMWare driver are affected.
Comment 1 Garth Mollett 2014-06-02 02:45:58 EDT
Acknowledgements:

This issue was discovered by Jaroslav Henner of Red Hat.
Comment 3 Garth Mollett 2014-06-11 20:55:35 EDT
*** Bug 1068698 has been marked as a duplicate of this bug. ***
Comment 6 Martin Prpič 2014-10-21 04:13:53 EDT
IssueDescription:

A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected.
