Bug 1184716 – CVE-2015-0237 vdsm: Users attempting a live storage migration create snapshot without snapshot creation permissions

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1184716 - (CVE-2015-0237) CVE-2015-0237 vdsm: Users attempting a live storage migration create snapshot without snapshot creation permissions

Summary:	CVE-2015-0237 vdsm: Users attempting a live storage migration create snapshot...

Status:	CLOSED ERRATA

Aliases:	CVE-2015-0237

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20150204,repor...
Keywords:	Reopened, Security

Depends On:	1188081 1188083
Blocks:	1184715 1189044
	Show dependency tree / graph

Reported:	2015-01-22 01:07 EST by Wade Mealing
Modified:	2015-04-30 10:44 EDT (History)
CC List:	23 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-04-29 00:06:13 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0888	normal	SHIPPED_LIVE	Moderate: Red Hat Enterprise Virtualization Manager 3.5.1 update	2015-04-28 18:40:04 EDT

Groups: None (edit)

Description Wade Mealing 2015-01-22 01:07:26 EST

Red Hat Enterprise Virtualization has an explicit permissions to allow or deny snapshot creation.  This permission is evaded and unchecked during live storage migration of a vm between hosts.

Long chains of snapshots may cause a performance degradation to the VM.  Effectively a user who can live migrate a host, could prevent the host from starting if migrated frequently.

Acknowledgements:

This issue was discovered by Red Hat Enterprise Visualization Engineering.

Comment 1 Wade Mealing 2015-01-26 19:00:43 EST

kseifired supplied :CVE-2015-0237

Comment 2 Allon Mureinik 2015-01-28 10:04:48 EST

(In reply to Wade Mealing from comment #0)
> This permission is evaded and unchecked during live
> migration of a vm between hosts.
This doesn't happen in live migration of VMs, but in live STORAGE migration of a virtual disk between storage domains.

Comment 7 Kurt Seifried 2015-03-17 01:55:17 EDT

Statement:

This issue affects the versions of ovirt-engine-backend as shipped with Red Hat Enterprise Virtualization 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 13 errata-xmlrpc 2015-04-28 14:44:43 EDT

This issue has been addressed in the following products:

  RHEV Manager version 3.5

Via RHSA-2015:0888 https://rhn.redhat.com/errata/RHSA-2015-0888.html

Note You need to log in before you can comment on or make changes to this bug.

acathrow
alonbl
amureini
bazulay
bmcclain
carnil
dblechte
ecohen
gklein
idith
iheim
jrusnack
juwu
kseifried
lpeer
lsurette
michal.skrivanek
mlipchuk
nobody
security-response-team
thoger
wmealing
yeylon