CVE-2014-2573 (retired)

Priority
Description
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does
not properly put VMs into RESCUE status, which allows remote authenticated
users to bypass the quota limit and cause a denial of service (resource
consumption) by requesting the VM be put into rescue and then deleting the
image.
Notes
jdstrandrequires use with unsupported VMware ESX driver. This is not
compiled in to libvirt in the Ubuntu archive, which makes this code path
unavailable in Ubuntu
Package
Source: nova (LP Ubuntu Debian)
Upstream:released (2014.1.1)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (1:2014.2~b2-0ubuntu1)
Patches:
Upstream:https://review.openstack.org/#/c/89217/ (icehouse)
Upstream:https://review.openstack.org/#/c/89768/ (havana)
More Information

Updated: 2019-10-09 07:50:11 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)