[openstack-announce] [OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)

Tristan Cacqueray tristan.cacqueray at enovance.com
Thu Oct 2 15:08:23 UTC 2014


OpenStack Security Advisory: 2014-032
CVE: CVE-2014-3608
Date: October 2, 2014
Title: Nova VMware driver still leaks rescued images
Reporter: Garth Mollett (Red Hat)
Products: Nova
Versions: up to 2014.1.2

Description:
Garth Mollett from Red Hat reported an incomplete fix to OSSA-2014-017
(CVE-2014-2573), a vulnerability affecting Nova. If an authenticated
user places an instance into rescue, and then issues a suspend command
it will cause the instance to enter an ERROR state. Nova does not clean
up an instance in this state correctly upon deletion. An attacker can
use this to launch a denial of service attack. Only setups using the
Nova VMware driver are affected by this flaw.

Juno (development branch) fix:
https://review.openstack.org/94281/

Icehouse fix:
https://review.openstack.org/109624/

Notes:
This fix will be included in the Juno release 2014.2.0 and in
the upcoming 2014.1.3 release.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608
https://launchpad.net/bugs/1338830

--
Tristan Cacqueray
OpenStack Vulnerability Management Team

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-announce/attachments/20141002/e5905cbe/attachment.pgp>


More information about the OpenStack-announce mailing list