Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-3608
HistoryOct 06, 2014 - 12:00 a.m.

CVE-2014-3608

2014-10-0600:00:00
ubuntu.com
ubuntu.com
10

2.7 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

79.8%

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote
authenticated users to bypass the quota limit and cause a denial of service
(resource consumption) by putting the VM into the rescue state, suspending
it, which puts into an ERROR state, and then deleting the image. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2014-2573.

Bugs

Notes

Author Note
jdstrand requires use with unsupported VMware ESX driver. This is not compiled in to libvirt in the Ubuntu archive, which makes this code path unavailable in Ubuntu
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchnova< 1:2014.1.3-0ubuntu1UNKNOWN

2.7 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

79.8%