A flaw was found in the way target domain permission check was performed when cloning a VM from a snapshot. An attacker can use this flaw to conduct denial of service attack on the target domain by exhausting the available free space.
This issue was discovered by Daniel Erez of the Red Hat Enterprise Virtualization Team.
This issue has been addressed in following products:
RHEV Manager version 3.2
Via RHSA-2013:0888 https://rhn.redhat.com/errata/RHSA-2013-0888.html
Created ovirt-engine tracking bugs for this issue
Affects: fedora-all [bug 972952]