Date: Tue, 21 Oct 2014 12:28:23 -0400 (EDT) From: cve-assign@...re.org To: tristan.cacqueray@...vance.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request for vulnerability in OpenStack Nova -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Products: Nova > Versions: up to 2014.1.3 > > Zhu Zhu from IBM reported a vulnerability in Nova VMware driver. If an > authenticated user deletes an instance while it is in resize state, it > will cause the original instance to not be deleted. An attacker can use > this to launch a denial of service attack. All Nova VMware setups are > affected. > > https://launchpad.net/bugs/1359138 > https://review.openstack.org/125492 > the problem is as follows: When a resize is done a new VM is > created on the back end. So prior to the resize you would have > a instance called uuid. When a resize takes place there will > be a cloned VM called uuid-orig. Hence the additional delete > that needs to take place. > during the window for resize step migration_disk_and_poweroff after > disassociate VM(rename) or new VM clone but before migration status to > be finished, the deletion of VM will not delete those uuid-orig VMs. > looks like a DoS attack by using up capacity without being charged for > it. Use CVE-2014-8333 for this virt/vmwareapi/vmops.py race condition that results in inadvertent preservation of the -orig instance. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJURoh1AAoJEKllVAevmvmsuycIALoSRHTtUV3Kk+XzgQm3Cl9c qNFi+n2AQTeGqtefqZBgdKJ7iNY29g5hMMT9eGKyalPw4zxv2vxKKHsMGSyyZYDY PvaHUJ7hOUxO5k22m++cHAdEgZjSVjTEFYSfbjBK6GqSY7Lqq4d9dqW4WBNYR4cH tyX7FvEK7yPA4gEywLxa8KVUBWskj+uDZvFg9mYUzOFd0u+WANFffdo7lVAvyMvc 8DO+vA8Q/H26Bvf7q3Lebs2CNoTwOfUrCnG1RcO0WkcJ0N+DAAWAjOvn+2IxbEd4 fYavN9bdncevvHwOSLl/V+ikjSnv39S/whcKkxj3Xh9X6thp+62dkr0j2p4F/P4= =o9fR -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ