Bug 1080289 (CVE-2014-2573) - CVE-2014-2573 openstack-nova: Nova VMware driver leaks rescued images
Summary: CVE-2014-2573 openstack-nova: Nova VMware driver leaks rescued images
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2014-2573
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1068698 (view as bug list)
Depends On: 1068698 1108404 1108406 1149979
Blocks: 1080292 1150352 1150897
TreeView+ depends on / blocked
 
Reported: 2014-03-25 05:28 UTC by Garth Mollett
Modified: 2019-09-29 13:15 UTC (History)
29 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected.
Clone Of:
Environment:
Last Closed: 2014-11-12 05:13:01 UTC


Attachments (Terms of Use)

Description Garth Mollett 2014-03-25 05:28:31 UTC
The OpenStack Vulnerability Management Team reports:

Title: Nova VMWare driver leaks rescued images
Reporter: Jaroslav Henner (Red Hat)
Products: Nova
Versions: 2013.2 to 2013.2.2

Description:
Jaroslav Henner from Red Hat reported a vulnerability in Nova. By
requesting Nova place an image into rescue, then deleting
the image, an authenticated user my exceed their quota. This can
result in a denial of service via excessive resource consumption. Only
setups using the Nova VMWare driver are affected.

Comment 1 Garth Mollett 2014-06-02 06:45:58 UTC
Acknowledgements:

This issue was discovered by Jaroslav Henner of Red Hat.

Comment 3 Garth Mollett 2014-06-12 00:55:35 UTC
*** Bug 1068698 has been marked as a duplicate of this bug. ***

Comment 6 Martin Prpič 2014-10-21 08:13:53 UTC
IssueDescription:

A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected.


Note You need to log in before you can comment on or make changes to this bug.