Red Hat Bugzilla – Bug 893355
CVE-2013-0168 rhev-m: insufficient MoveDisk target domain permission checks
Last modified: 2015-07-27 09:26:14 EDT
A flaw was found in the way MoveDisk command checks permissions on target storage domain. A privileged user (storage admin of other storage domain) can use this flaw to conduct denial of service attack on the target domain by exhausting the available free space.
This issue was discovered by Ondrej Machacek of Red Hat.
This issue has been addressed in following products:
RHEV Manager version 3.1
Via RHSA-2013:0211 https://rhn.redhat.com/errata/RHSA-2013-0211.html