ID CVE-2014-3608
Summary The VMware driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts it into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.
References
Vulnerable Configurations
  • cpe:2.3:a:openstack:nova:2013.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2:milestone1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2:milestone2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2:milestone3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2013.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1:milestone1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1:milestone2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1:milestone3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1.0:milestone1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:nova:2014.1.2:*:*:*:*:*:*:*
CVSS
Base: 2.7 (as of 13-02-2023 - 00:41)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: ADJACENT_NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:A/AC:L/Au:S/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2014:1781
  • rhsa
    id RHSA-2014:1782
rpms
  • openstack-nova-0:2014.1.3-4.el6ost
  • openstack-nova-api-0:2014.1.3-4.el6ost
  • openstack-nova-cells-0:2014.1.3-4.el6ost
  • openstack-nova-cert-0:2014.1.3-4.el6ost
  • openstack-nova-common-0:2014.1.3-4.el6ost
  • openstack-nova-compute-0:2014.1.3-4.el6ost
  • openstack-nova-conductor-0:2014.1.3-4.el6ost
  • openstack-nova-console-0:2014.1.3-4.el6ost
  • openstack-nova-doc-0:2014.1.3-4.el6ost
  • openstack-nova-network-0:2014.1.3-4.el6ost
  • openstack-nova-novncproxy-0:2014.1.3-4.el6ost
  • openstack-nova-objectstore-0:2014.1.3-4.el6ost
  • openstack-nova-scheduler-0:2014.1.3-4.el6ost
  • python-nova-0:2014.1.3-4.el6ost
  • openstack-nova-0:2014.1.3-4.el7ost
  • openstack-nova-api-0:2014.1.3-4.el7ost
  • openstack-nova-cells-0:2014.1.3-4.el7ost
  • openstack-nova-cert-0:2014.1.3-4.el7ost
  • openstack-nova-common-0:2014.1.3-4.el7ost
  • openstack-nova-compute-0:2014.1.3-4.el7ost
  • openstack-nova-conductor-0:2014.1.3-4.el7ost
  • openstack-nova-console-0:2014.1.3-4.el7ost
  • openstack-nova-doc-0:2014.1.3-4.el7ost
  • openstack-nova-network-0:2014.1.3-4.el7ost
  • openstack-nova-novncproxy-0:2014.1.3-4.el7ost
  • openstack-nova-objectstore-0:2014.1.3-4.el7ost
  • openstack-nova-scheduler-0:2014.1.3-4.el7ost
  • python-nova-0:2014.1.3-4.el7ost
refmap via4
bid 70220
confirm https://bugs.launchpad.net/nova/+bug/1338830
mlist [oss-security] 20141002 [OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)
Last major update 13-02-2023 - 00:41
Published 06-10-2014 - 14:55
Last modified 13-02-2023 - 00:41