Date: Tue, 21 Oct 2014 12:28:23 -0400 (EDT)
From: cve-assign@...re.org
To: tristan.cacqueray@...vance.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for vulnerability in OpenStack Nova

> Products: Nova
> Versions: up to 2014.1.3
> 
> Zhu Zhu from IBM reported a vulnerability in Nova VMware driver. If an
> authenticated user deletes an instance while it is in resize state, it
> will cause the original instance to not be deleted. An attacker can use
> this to launch a denial of service attack. All Nova VMware setups are
> affected.
> 
> https://launchpad.net/bugs/1359138
> https://review.openstack.org/125492

> the problem is as follows: When a resize is done a new VM is
> created on the back end. So prior to the resize you would have
> an instance called uuid. When a resize takes place there will
> be a cloned VM called uuid-orig. Hence the additional delete
> that needs to take place.

> during the window for resize step migration_disk_and_poweroff after
> disassociate VM(rename) or new VM clone but before migration status to
> be finished, the deletion of VM will not delete those uuid-orig VMs.

> looks like a DoS attack by using up capacity without being charged for
> it.

Use CVE-2014-8333 for this virt/vmwareapi/vmops.py race condition that
results in inadvertent preservation of the -orig instance.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
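
The uuid / uuid-orig naming described in the message above lends itself to a simple inventory audit. The following is an added example, not part of the original message and not Nova's code: ToyBackend, find_orphaned_orig_vms, simulate and the UUIDs are constructed for illustration; only the "-orig" suffix and the need for an additional delete come from the message.

```python
import uuid

ORIG_SUFFIX = "-orig"  # suffix the message gives for the VM kept during a resize


class ToyBackend:
    """Constructed stand-in for the hypervisor inventory: a set of VM names."""

    def __init__(self):
        self.vms = set()

    def begin_resize(self, instance_uuid):
        # Per the message: during a resize both uuid and uuid-orig exist.
        self.vms.add(instance_uuid + ORIG_SUFFIX)

    def delete_instance(self, instance_uuid, also_delete_orig):
        self.vms.discard(instance_uuid)
        if also_delete_orig:  # the "additional delete" the message calls for
            self.vms.discard(instance_uuid + ORIG_SUFFIX)


def _is_uuid(text):
    # Accept only the canonical hyphenated form, so unrelated VM names are skipped.
    try:
        return str(uuid.UUID(text)) == text.lower()
    except ValueError:
        return False


def find_orphaned_orig_vms(backend_vm_names, live_instance_uuids):
    """Return sorted -orig VM names whose instance no longer exists."""
    live = {u.lower() for u in live_instance_uuids}
    orphans = []
    for name in backend_vm_names:
        base = name[: -len(ORIG_SUFFIX)]
        if name.endswith(ORIG_SUFFIX) and _is_uuid(base) and base.lower() not in live:
            orphans.append(name)
    return sorted(orphans)


def simulate(also_delete_orig):
    """Delete one instance mid-resize; return what the audit finds afterwards."""
    backend, live = ToyBackend(), set()
    victim = "11111111-2222-3333-4444-555555555555"     # constructed UUID
    bystander = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed UUID
    for u in (victim, bystander):
        backend.vms.add(u)
        live.add(u)
        backend.begin_resize(u)
    backend.delete_instance(victim, also_delete_orig)
    live.discard(victim)
    return find_orphaned_orig_vms(backend.vms, live)
```

In a real audit the two inputs would be the VM names reported by the back end and the instance UUIDs the compute service still tracks; a "-orig" VM whose instance is still live and mid-resize is expected and is not flagged.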
