Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 21 Mar 2014 14:37:35 +1000
From: Grant Murphy <gmurphy@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request for vulnerability in OpenStack Nova

A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public, although
an advisory was not sent yet.

Title: Nova VMWare driver leaks rescued images
Reporter: Jaroslav Henner (Red Hat)
Products: Nova
Versions: 2013.2 to 2013.2.2

Description:
Jaroslav Henner from Red Hat reported a vulnerability in Nova. By
requesting Nova place an image into rescue, then deleting
the image, an authenticated user my exceed their quota. This can
result in a denial of service via excessive resource consumption. Only
setups using the Nova VMWare driver are affected.

References:
https://bugs.launchpad.net/nova/+bug/1269418

Thanks in advance,

-- 
Grant Murphy
OpenStack Vulnerability Management Team

Download attachment "signature.asc" of type "application/pgp-signature" (231 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ