CVE-2015-3280 - OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properl

CVE-2015-3280

Summary

OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.

References

Vulnerable Configurations

cpe:2.3:a:openstack:nova:2015.1.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2015.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova:2014.2.3:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-02-2023 - 00:49)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:C

redhat via4

advisories

rhsa

id	RHSA-2015:1898

rpms

openstack-nova-0:2014.1.5-3.el6ost
openstack-nova-0:2014.1.5-5.el7ost
openstack-nova-0:2014.2.3-31.el7ost
openstack-nova-0:2015.1.1-3.el7ost
openstack-nova-api-0:2014.1.5-3.el6ost
openstack-nova-api-0:2014.1.5-5.el7ost
openstack-nova-api-0:2014.2.3-31.el7ost
openstack-nova-api-0:2015.1.1-3.el7ost
openstack-nova-cells-0:2014.1.5-3.el6ost
openstack-nova-cells-0:2014.1.5-5.el7ost
openstack-nova-cells-0:2014.2.3-31.el7ost
openstack-nova-cells-0:2015.1.1-3.el7ost
openstack-nova-cert-0:2014.1.5-3.el6ost
openstack-nova-cert-0:2014.1.5-5.el7ost
openstack-nova-cert-0:2014.2.3-31.el7ost
openstack-nova-cert-0:2015.1.1-3.el7ost
openstack-nova-common-0:2014.1.5-3.el6ost
openstack-nova-common-0:2014.1.5-5.el7ost
openstack-nova-common-0:2014.2.3-31.el7ost
openstack-nova-common-0:2015.1.1-3.el7ost
openstack-nova-compute-0:2014.1.5-3.el6ost
openstack-nova-compute-0:2014.1.5-5.el7ost
openstack-nova-compute-0:2014.2.3-31.el7ost
openstack-nova-compute-0:2015.1.1-3.el7ost
openstack-nova-conductor-0:2014.1.5-3.el6ost
openstack-nova-conductor-0:2014.1.5-5.el7ost
openstack-nova-conductor-0:2014.2.3-31.el7ost
openstack-nova-conductor-0:2015.1.1-3.el7ost
openstack-nova-console-0:2014.1.5-3.el6ost
openstack-nova-console-0:2014.1.5-5.el7ost
openstack-nova-console-0:2014.2.3-31.el7ost
openstack-nova-console-0:2015.1.1-3.el7ost
openstack-nova-doc-0:2014.1.5-3.el6ost
openstack-nova-doc-0:2014.1.5-5.el7ost
openstack-nova-doc-0:2014.2.3-31.el7ost
openstack-nova-doc-0:2015.1.1-3.el7ost
openstack-nova-network-0:2014.1.5-3.el6ost
openstack-nova-network-0:2014.1.5-5.el7ost
openstack-nova-network-0:2014.2.3-31.el7ost
openstack-nova-network-0:2015.1.1-3.el7ost
openstack-nova-novncproxy-0:2014.1.5-3.el6ost
openstack-nova-novncproxy-0:2014.1.5-5.el7ost
openstack-nova-novncproxy-0:2014.2.3-31.el7ost
openstack-nova-novncproxy-0:2015.1.1-3.el7ost
openstack-nova-objectstore-0:2014.1.5-3.el6ost
openstack-nova-objectstore-0:2014.1.5-5.el7ost
openstack-nova-objectstore-0:2014.2.3-31.el7ost
openstack-nova-objectstore-0:2015.1.1-3.el7ost
openstack-nova-scheduler-0:2014.1.5-3.el6ost
openstack-nova-scheduler-0:2014.1.5-5.el7ost
openstack-nova-scheduler-0:2014.2.3-31.el7ost
openstack-nova-scheduler-0:2015.1.1-3.el7ost
openstack-nova-serialproxy-0:2014.1.5-3.el6ost
openstack-nova-serialproxy-0:2014.1.5-5.el7ost
openstack-nova-serialproxy-0:2014.2.3-31.el7ost
openstack-nova-serialproxy-0:2015.1.1-3.el7ost
openstack-nova-spicehtml5proxy-0:2015.1.1-3.el7ost
python-nova-0:2014.1.5-3.el6ost
python-nova-0:2014.1.5-5.el7ost
python-nova-0:2014.2.3-31.el7ost
python-nova-0:2015.1.1-3.el7ost

refmap via4

bid	76553
confirm	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html https://launchpad.net/bugs/1392527 https://security.openstack.org/ossa/OSSA-2015-017.html

Last major update

13-02-2023 - 00:49

Published

26-10-2015 - 17:59

Last modified

13-02-2023 - 00:49