1
PublicDateAtUSN: 2014-10-06
2
Candidate: CVE-2014-3608
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608
6
http://seclists.org/oss-sec/2014/q4/65
7
https://usn.ubuntu.com/usn/usn-2407-1
9
The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote
10
authenticated users to bypass the quota limit and cause a denial of service
11
(resource consumption) by putting the VM into the rescue state, suspending
12
it, which puts into an ERROR state, and then deleting the image. NOTE:
13
this vulnerability exists because of an incomplete fix for CVE-2014-2573.
16
jdstrand> requires use with unsupported VMware ESX driver. This is not
17
compiled in to libvirt in the Ubuntu archive, which makes this code path
20
https://bugs.launchpad.net/nova/+bug/1338830
22
Discovered-by: Garth Mollett
26
upstream: https://review.openstack.org/#/c/94281/ (juno)
27
upstream: https://review.openstack.org/#/c/109624/ (icehouse)
28
upstream_nova: released (2014.1.3)
30
precise_nova: not-affected (code not present)
31
trusty_nova: released (1:2014.1.3-0ubuntu1)
32
utopic_nova: not-affected (1:2014.2~rc1-0ubuntu2)
33
devel_nova: not-affected (1:2014.2~rc1-0ubuntu2)