CVE-2014-2573

Published: Mar 25, 2014Modified: May 6, 2026

2.3

Vector

AV:A/AC:M/Au:S/C:N/I:N/A:P

Exploitability: 4.4 / Impact: 2.9

Source: NVD

Description

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

Affected (3)

Products: Openstack: Compute

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openstack Compute	Version 2013.2.1
Openstack Compute	Version 2013.2.2
Openstack Compute	Version 2013.2

Related CWEs

References (8)

http://secunia.com/advisories/57498

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/03/21/1

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/03/21/2

Source: cve@mitre.org

https://bugs.launchpad.net/nova/+bug/1269418

Source: cve@mitre.org

http://secunia.com/advisories/57498

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/03/21/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/03/21/2

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/nova/+bug/1269418

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.