ubuntucve | Ubuntu.com | UB:CVE-2014-2573
Mar 25, 2014 - 12:00 a.m.

CVE-2014-2573

vmware driver
openstack compute
rescue status
quota limits
denial of service

CVSS2: 2.3
Attack Vector: ADJACENT_NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:A/AC:M/Au:S/C:N/I:N/A:P

EPSS: 0.003
Percentile: 69.2%

The VMware driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does
not properly put VMs into RESCUE status, which allows remote authenticated
users to bypass the quota limit and cause a denial of service (resource
consumption) by requesting the VM be put into rescue and then deleting the
image.

Notes

Author Note
jdstrand: requires use with unsupported VMware ESX driver. This is not compiled in to libvirt in the Ubuntu archive, which makes this code path unavailable in Ubuntu.
