Ubuntu 14.04 LTS : OpenStack Nova vulnerabilities (USN-2407-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2407-1 advisory. Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remove authenticated...

USN-2407-1: OpenStack Nova vulnerabilities

Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remove authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMWare driver. CVE-2014-3608 Amrith Kumar discovere...

CVE-2014-3608

The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...

OpenStack Compute (Nova) VMWare驱动配额限制绕过拒绝服务漏洞

CVE ID:CVE-2014-2573 OpenStack是由Rackspace和NASA共同开发的云计算平台，帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。OpenStack Nova提供虚拟计算服务。 OpenStack Compute Nova中的VMWare驱动不正确把VM放入RESCURE状态，允许远程通过验证的用户请求VM放入RESCURE状态然后删除映像，可绕过额度限制，消耗资源进行拒绝服务攻击。 0 OpenStack Compute Nova 2013.2 - 2013.2.2 目前没有详细解决方案提供：...

CVE-2014-2573

The VMWare driver in OpenStack Compute Nova 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by requesting the VM be put into rescue and then deleting the imag...