CVE-2014-2573

Published: 25/03/2014 | Updated: 26/03/2014
CVSS v2 Base Score: 2.3 | Impact Score: 2.9 | Exploitability Score: 4.4
VMScore: 205
Vector: AV:A/AC:M/Au:S/C:N/I:N/A:P

Vulnerability Summary

The VMware driver in OpenStack Compute (Nova) 2013.2 up to and including 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

Vulnerable Product

openstack compute 2013.2

openstack compute 2013.2.2

openstack compute 2013.2.1

Vendor Advisories

Debian Bug report logs - #750144
CVE-2014-2573: Nova VMWare driver leaks rescued images
Package: src:nova; Maintainer for src:nova is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Thomas Goirand <zigo@debian.org>; Date: Mon, 2 Jun 2014 03:33:01 UTC; Severity: normal; Tags: patch, security; Found in ...

A denial of service flaw was found in the nova VMware driver. An authenticated user could exceed their quota by placing an image into rescue and then deleting it, causing the rescue image to be left behind. Note that only setups using the nova VMware driver were affected ...