[oss-security] [OSSA 2014-017] Nova VMWare driver leaks rescued images (CVE-2014-2573)
2014-06-19T00:00:00
ID SECURITYVULNS:DOC:30893 Type securityvulns Reporter Securityvulns Modified 2014-06-19T00:00:00
Description
OpenStack Security Advisory: 2014-017
CVE: CVE-2014-2573
Date: May 29, 2014
Title: Nova VMWare driver leaks rescued images
Reporter: Jaroslav Henner (Red Hat)
Products: Nova
Versions: from 2013.2 to 2013.2.3, and 2014.1
Description:
Jaroslav Henner from Red Hat reported a vulnerability in Nova. By
requesting Nova place an image into rescue, then deleting the image,
an authenticated user my exceed their quota. This can result in a
denial of service via excessive resource consumption. Only setups
using the Nova VMWare driver are affected.
-- Jeremy Stanley OpenStack Vulnerability Management Team
{"id": "SECURITYVULNS:DOC:30893", "bulletinFamily": "software", "title": "[oss-security] [OSSA 2014-017] Nova VMWare driver leaks rescued images (CVE-2014-2573)", "description": "\r\n\r\nOpenStack Security Advisory: 2014-017\r\nCVE: CVE-2014-2573\r\nDate: May 29, 2014\r\nTitle: Nova VMWare driver leaks rescued images\r\nReporter: Jaroslav Henner (Red Hat)\r\nProducts: Nova\r\nVersions: from 2013.2 to 2013.2.3, and 2014.1\r\n\r\nDescription:\r\nJaroslav Henner from Red Hat reported a vulnerability in Nova. By\r\nrequesting Nova place an image into rescue, then deleting the image,\r\nan authenticated user my exceed their quota. This can result in a\r\ndenial of service via excessive resource consumption. Only setups\r\nusing the Nova VMWare driver are affected.\r\n\r\nJuno (development branch) fix:\r\nhttps://review.openstack.org/75788\r\nhttps://review.openstack.org/80284\r\n\r\nIcehouse fix:\r\nhttps://review.openstack.org/88514\r\nhttps://review.openstack.org/89217\r\n\r\nHavana fix:\r\nhttps://review.openstack.org/89762\r\nhttps://review.openstack.org/89768\r\n\r\nNotes:\r\nThis fix will be included in the juno-1 development milestone and in\r\nfuture 2013.2.4 and 2014.1.1 releases.\r\n\r\nReferences:\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2573\r\nhttps://launchpad.net/bugs/1269418\r\n\r\n-- Jeremy Stanley OpenStack Vulnerability Management Team\r\n\r\n", "published": "2014-06-19T00:00:00", "modified": "2014-06-19T00:00:00", "cvss": {"score": 2.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30893", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2014-2573"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:52", "edition": 1, "viewCount": 9, "enchantments": {"score": {"value": 6.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2573", "CVE-2014-3608"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-2573", "DEBIANCVE:CVE-2014-3608"]}, {"type": "nessus", "idList": ["SOLARIS11_NOVA_20141120.NASL"]}, {"type": "redhat", "idList": ["RHSA-2014:1781", "RHSA-2014:1782"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13850"]}, {"type": "seebug", "idList": ["SSV:61950"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2573"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2014-2573"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-2573"]}, {"type": "nessus", "idList": ["SOLARIS11_NOVA_20141120.NASL"]}, {"type": "redhat", "idList": ["RHSA-2014:1782"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2573"]}]}, "exploitation": null, "vulnersScore": 6.6}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"seebug": [{"lastseen": "2017-11-19T17:29:35", "description": "CVE ID:CVE-2014-2573\r\n\r\nOpenStack\u662f\u7531Rackspace\u548cNASA\u5171\u540c\u5f00\u53d1\u7684\u4e91\u8ba1\u7b97\u5e73\u53f0\uff0c\u5e2e\u52a9\u670d\u52a1\u5546\u548c\u4f01\u4e1a\u5185\u90e8\u5b9e\u73b0\u7c7b\u4f3c\u4e8eAmazon EC2\u548cS3\u7684\u4e91\u57fa\u7840\u67b6\u6784\u3002OpenStack Nova\u63d0\u4f9b\u865a\u62df\u8ba1\u7b97\u670d\u52a1\u3002\r\n\r\nOpenStack Compute (Nova)\u4e2d\u7684VMWare\u9a71\u52a8\u4e0d\u6b63\u786e\u628aVM\u653e\u5165RESCURE\u72b6\u6001\uff0c\u5141\u8bb8\u8fdc\u7a0b\u901a\u8fc7\u9a8c\u8bc1\u7684\u7528\u6237\u8bf7\u6c42VM\u653e\u5165RESCURE\u72b6\u6001\u7136\u540e\u5220\u9664\u6620\u50cf\uff0c\u53ef\u7ed5\u8fc7\u989d\u5ea6\u9650\u5236\uff0c\u6d88\u8017\u8d44\u6e90\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\n0\nOpenStack Compute (Nova) 2013.2 - 2013.2.2\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://launchpad.net/nova", "published": "2014-03-27T00:00:00", "title": "OpenStack Compute (Nova) VMWare\u9a71\u52a8\u914d\u989d\u9650\u5236\u7ed5\u8fc7\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2573"], "modified": "2014-03-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61950", "id": "SSV:61950", "sourceData": "", "cvss": {"score": 2.3, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "ubuntucve": [{"lastseen": "2021-11-22T21:52:04", "description": "The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does\nnot properly put VMs into RESCUE status, which allows remote authenticated\nusers to bypass the quota limit and cause a denial of service (resource\nconsumption) by requesting the VM be put into rescue and then deleting the\nimage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | requires use with unsupported VMware ESX driver. This is not compiled in to libvirt in the Ubuntu archive, which makes this code path unavailable in Ubuntu\n", "cvss3": {}, "published": "2014-03-25T00:00:00", "type": "ubuntucve", "title": "CVE-2014-2573", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.3, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2573"], "modified": "2014-03-25T00:00:00", "id": "UB:CVE-2014-2573", "href": "https://ubuntu.com/security/CVE-2014-2573", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-05-08T07:37:28", "description": "The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.", "cvss3": {}, "published": "2014-03-25T16:55:00", "type": "debiancve", "title": "CVE-2014-2573", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.3, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2573"], "modified": "2014-03-25T16:55:00", "id": "DEBIANCVE:CVE-2014-2573", "href": "https://security-tracker.debian.org/tracker/CVE-2014-2573", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-05-08T07:37:28", "description": "The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.", "cvss3": {}, "published": "2014-10-06T14:55:00", "type": "debiancve", "title": "CVE-2014-3608", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2573", "CVE-2014-3608"], "modified": "2014-10-06T14:55:00", "id": "DEBIANCVE:CVE-2014-3608", "href": "https://security-tracker.debian.org/tracker/CVE-2014-3608", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:39:18", "description": "The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.", "cvss3": {}, "published": "2014-03-25T16:55:00", "type": "cve", "title": "CVE-2014-2573", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.3, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2573"], "modified": "2014-03-26T13:41:00", "cpe": ["cpe:/a:openstack:compute:2013.2.2", "cpe:/a:openstack:compute:2013.2.1", "cpe:/a:openstack:compute:2013.2"], "id": "CVE-2014-2573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2573", "cvss": {"score": 2.3, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openstack:compute:2013.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:compute:2013.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:compute:2013.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:57:39", "description": "The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.", "cvss3": {}, "published": "2014-10-06T14:55:00", "type": "cve", "title": "CVE-2014-3608", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2573", "CVE-2014-3608"], "modified": "2018-11-16T14:59:00", "cpe": ["cpe:/a:openstack:nova:2013.2.4"], "id": "CVE-2014-3608", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3608", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openstack:nova:2013.2.4:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-08-19T12:47:06", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image. (CVE-2014-2573)\n\n - The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.\n (CVE-2014-3608)", "cvss3": {"score": null, "vector": null}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : nova (multiple_vulnerabilities_in_nova)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2573", "CVE-2014-3608"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:nova"], "id": "SOLARIS11_NOVA_20141120.NASL", "href": "https://www.tenable.com/plugins/nessus/80712", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80712);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-2573\", \"CVE-2014-3608\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : nova (multiple_vulnerabilities_in_nova)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The VMWare driver in OpenStack Compute (Nova) 2013.2\n through 2013.2.2 does not properly put VMs into RESCUE\n status, which allows remote authenticated users to\n bypass the quota limit and cause a denial of service\n (resource consumption) by requesting the VM be put into\n rescue and then deleting the image. (CVE-2014-2573)\n\n - The VMWare driver in OpenStack Compute (Nova) before\n 2014.1.3 allows remote authenticated users to bypass the\n quota limit and cause a denial of service (resource\n consumption) by putting the VM into the rescue state,\n suspending it, which puts into an ERROR state, and then\n deleting the image. NOTE: this vulnerability exists\n because of an incomplete fix for CVE-2014-2573.\n (CVE-2014-3608)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-nova\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dd1a01aa\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.4.6.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:nova\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^nova$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nova\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.4.0.6.0\", sru:\"SRU 11.2.4.6.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : nova\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_note(port:0, extra:error_extra);\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"nova\");\n", "cvss": {"score": 2.7, "vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:40:20", "description": "OpenStack Compute (nova) launches and schedules large networks of virtual\nmachines, creating a redundant and scalable cloud computing platform.\nCompute provides the software, control panels, and APIs required to\norchestrate a cloud, including running virtual machine instances, managing\nnetworks, and controlling access through users and projects.\n\nA race condition flaw was found in the way the nova VMware driver handled\nVNC port allocation. An authenticated user could use this flaw to gain\nunauthorized console access to instances belonging to other tenants by\nrepeatedly spawning new instances. Note that only nova setups using the\nVMware driver and the VNC proxy service were affected. (CVE-2014-8750)\n\nCVE-2014-2573, the fix for which was provided with the initial release of\nRed Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise\nLinux 6, describes a flaw in the nova VMware driver. An authenticated user\ncould exceed their quota by placing an image into rescue and then deleting\nit, causing the rescue image to be left behind.\n\nIt was found that the fix for CVE-2014-2573 was incomplete. A virtual\nmachine could be forced into the ERROR state from rescue by issuing a\nsuspend command. Virtual machines deleted from the ERROR state would still\nleave the rescue image behind, allowing a user to exceed their quota. Note\nthat only setups using the nova VMware driver were affected.\n(CVE-2014-3608)\n\nThe CVE-2014-3608 issue was discovered by Garth Mollett of Red Hat Product\nSecurity.\n\nThe openstack-nova packages have been upgraded to upstream version\n2014.1.3, which provides a number of bug fixes and enhancements over the\nprevious version. (BZ#1149749)\n\nAll openstack-nova users are advised to upgrade to these updated packages,\nwhich correct these issues and add these enhancements.", "cvss3": {}, "published": "2014-11-03T08:20:52", "type": "redhat", "title": "(RHSA-2014:1781) Important: openstack-nova security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2573", "CVE-2014-3608", "CVE-2014-8750"], "modified": "2018-06-06T22:47:59", "id": "RHSA-2014:1781", "href": "https://access.redhat.com/errata/RHSA-2014:1781", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:43:52", "description": "OpenStack Compute (nova) launches and schedules large networks of virtual\nmachines, creating a redundant and scalable cloud computing platform.\nCompute provides the software, control panels, and APIs required to\norchestrate a cloud, including running virtual machine instances, managing\nnetworks, and controlling access through users and projects.\n\nA race condition flaw was found in the way the nova VMware driver handled\nVNC port allocation. An authenticated user could use this flaw to gain\nunauthorized console access to instances belonging to other tenants by\nrepeatedly spawning new instances. Note that only nova setups using the\nVMware driver and the VNC proxy service were affected. (CVE-2014-8750)\n\nCVE-2014-2573, the fix for which was provided with the initial release of\nRed Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise\nLinux 7, describes a flaw in the nova VMware driver. An authenticated user\ncould exceed their quota by placing an image into rescue and then deleting\nit, causing the rescue image to be left behind.\n\nIt was found that the fix for CVE-2014-2573 was incomplete. A virtual\nmachine could be forced into the ERROR state from rescue by issuing a\nsuspend command. Virtual machines deleted from the ERROR state would still\nleave the rescue image behind, allowing a user to exceed their quota. Note\nthat only setups using the nova VMware driver were affected.\n(CVE-2014-3608)\n\nThe CVE-2014-3608 issue was discovered by Garth Mollett of Red Hat Product\nSecurity.\n\nThe openstack-nova packages have been upgraded to upstream version\n2014.1.3, which provides a number of bug fixes and enhancements over the\nprevious version. (BZ#1149737)\n\nThis update also fixes the following bug:\n\n* Previously, unhandled database deadlock conditions triggered with some\ndatabase configuration edge cases. \"Deadlock found when trying to get lock;\ntry restarting transaction\" messages may have been logged, and database\ntransactions may have been lost. With this update, actions are retried on\ndeadlock conditions, resulting in robust database communication.\n(BZ#1141972)\n\nAll openstack-nova users are advised to upgrade to these updated packages,\nwhich correct these issues and add these enhancements.", "cvss3": {}, "published": "2014-11-03T08:21:32", "type": "redhat", "title": "(RHSA-2014:1782) Important: openstack-nova security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2573", "CVE-2014-3608", "CVE-2014-8750"], "modified": "2018-03-19T12:26:45", "id": "RHSA-2014:1782", "href": "https://access.redhat.com/errata/RHSA-2014:1782", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T18:51:22", "description": "Heart information leakage, Cinder privilege escalation, Nova multiple vulnerabilities, Neutron protection bypass.", "edition": 2, "cvss3": {}, "published": "2014-06-19T00:00:00", "title": "OpenStack multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-4463", "CVE-2013-6491", "CVE-2014-2573", "CVE-2014-0167", "CVE-2014-3801", "CVE-2013-7130", "CVE-2013-4469", "CVE-2014-4167", "CVE-2013-1068", "CVE-2014-0134"], "modified": "2014-06-19T00:00:00", "id": "SECURITYVULNS:VULN:13850", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13850", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}]}
