Vulnerability Description
The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Nova | >= 2013.2, <= 2013.2.4 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2014-1781.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1782.htmlThird Party Advisory
- http://seclists.org/oss-sec/2014/q4/65Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/70220Third Party AdvisoryVDB Entry
- https://bugs.launchpad.net/nova/+bug/1338830ExploitThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1781.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1782.htmlThird Party Advisory
- http://seclists.org/oss-sec/2014/q4/65Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/70220Third Party AdvisoryVDB Entry
- https://bugs.launchpad.net/nova/+bug/1338830ExploitThird Party Advisory
FAQ
What is CVE-2014-3608?
CVE-2014-3608 is a vulnerability with a CVSS score of 2.7 (LOW). The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into th...
How severe is CVE-2014-3608?
CVE-2014-3608 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3608?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Nova.