1080289 – (CVE-2014-2573) CVE-2014-2573 openstack-nova: Nova VMware driver leaks rescued images

Bug 1080289 (CVE-2014-2573) - CVE-2014-2573 openstack-nova: Nova VMware driver leaks rescued images

Summary: CVE-2014-2573 openstack-nova: Nova VMware driver leaks rescued images

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2014-2573
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1068698 (view as bug list)
Depends On:	1068698 1108404 1108406 1149979
Blocks:	1080292 1150352 1150897
TreeView+	depends on / blocked

Reported:	2014-03-25 05:28 UTC by Garth Mollett
Modified:	2023-05-12 13:10 UTC (History)
CC List:	29 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected.
Clone Of:
Environment:
Last Closed:	2014-11-12 05:13:01 UTC
Embargoed:

Attachments	(Terms of Use)

Description Garth Mollett 2014-03-25 05:28:31 UTC

The OpenStack Vulnerability Management Team reports:

Title: Nova VMWare driver leaks rescued images
Reporter: Jaroslav Henner (Red Hat)
Products: Nova
Versions: 2013.2 to 2013.2.2

Description:
Jaroslav Henner from Red Hat reported a vulnerability in Nova. By
requesting Nova place an image into rescue, then deleting
the image, an authenticated user my exceed their quota. This can
result in a denial of service via excessive resource consumption. Only
setups using the Nova VMWare driver are affected.

Comment 1 Garth Mollett 2014-06-02 06:45:58 UTC

Acknowledgements:

This issue was discovered by Jaroslav Henner of Red Hat.

Comment 3 Garth Mollett 2014-06-12 00:55:35 UTC

*** Bug 1068698 has been marked as a duplicate of this bug. ***

Comment 6 Martin Prpič 2014-10-21 08:13:53 UTC

IssueDescription:

A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected.

Note You need to log in before you can comment on or make changes to this bug.

abaron
akscram
alexander.sakhnov
aortega
apevec
apevec
ayoung
bfilippov
chrisw
davidx
d.busby
gkotton
itamar
Jan.van.Eldik
jhenner
jonathansteffan
jose.castro.leon
jrusnack
lhh
markmc
mlvov
mmagr
ndipanov
p
rbryant
rhos-maint
rk
sclewis
yeylon