Bug 1183647 (CVE-2014-9623) - CVE-2014-9623 openstack-glance: user storage quota bypass
Summary: CVE-2014-9623 openstack-glance: user storage quota bypass
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-9623
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1117677 (view as bug list)
Depends On: 1187001 1187002 1187003 1192212 1192213
Blocks: 1183648
TreeView+ depends on / blocked
 
Reported: 2015-01-19 11:49 UTC by Vasyl Kaigorodov
Modified: 2023-05-12 06:40 UTC (History)
32 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A storage quota bypass flaw was found in OpenStack Image (glance). If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service.
Clone Of:
Environment:
Last Closed: 2015-04-17 07:28:22 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0644 0 normal SHIPPED_LIVE Low: openstack-glance security and bug fix update 2015-03-06 00:28:55 UTC
Red Hat Product Errata RHSA-2015:0837 0 normal SHIPPED_LIVE Low: openstack-glance security and bug fix update 2015-04-16 17:52:38 UTC
Red Hat Product Errata RHSA-2015:0838 0 normal SHIPPED_LIVE Low: openstack-glance security and bug fix update 2015-04-16 19:08:38 UTC

Description Vasyl Kaigorodov 2015-01-19 11:49:10 UTC
Title: Glance user storage quota bypass
Reporter: Tushar Patil (NTT)
Products: Glance
Versions: up to 2014.1.3 and 2014.2 version up to 2014.2.1

Description:
Tushar Patil from NTT reported a vulnerability in Glance. By deleting images
that are being uploaded, a malicious user can overcome the storage quota and
thus may overrun the backend. Images in deleted state are not taken into
account by quota and won't be effectively deleted until the upload is
completed. Only Glance setups configured with user_storage_quota are
affected.

References:
https://launchpad.net/bugs/1398830

Acknowledgements:

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Tushar Patil of NTT as the original reporter.

Comment 1 Kurt Seifried 2015-01-23 20:18:52 UTC
Patches:

Kilo (development branch) fix:
https://review.openstack.org/144464

Juno fix:
https://review.openstack.org/149387

Icehouse fix:
https://review.openstack.org/149646

Comment 9 Flavio Percoco 2015-01-29 14:48:57 UTC
*** Bug 1117677 has been marked as a duplicate of this bug. ***

Comment 14 errata-xmlrpc 2015-03-05 19:30:45 UTC
This issue has been addressed in the following products:

  OpenStack 6 for RHEL 7

Via RHSA-2015:0644 https://rhn.redhat.com/errata/RHSA-2015-0644.html

Comment 15 errata-xmlrpc 2015-04-16 13:58:37 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 7

Via RHSA-2015:0837 https://rhn.redhat.com/errata/RHSA-2015-0837.html

Comment 16 errata-xmlrpc 2015-04-16 15:09:03 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 6

Via RHSA-2015:0838 https://rhn.redhat.com/errata/RHSA-2015-0838.html


Note You need to log in before you can comment on or make changes to this bug.