CVE-2014-2573

Name: CVE-2014-2573
Description: The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: low (attack range: remote)
Debian Bugs: 750144

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| nova (PTS) | wheezy | 2012.1.1-18 | fixed |
| | jessie | 2014.1.3-11 | fixed |
| | stretch | 2:14.0.0-4 | fixed |
| | stretch (security) | 2:14.0.0-4+deb9u1 | fixed |
| | buster, sid | 2:16.0.3-9 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| nova | source | (unstable) | 2014.1-9 | low | | 750144 |
| nova | source | wheezy | (not affected) | | | |

Notes

[wheezy] - nova <not-affected> (Vulnerable code in 2013.2 to 2013.2.2)
https://bugs.launchpad.net/nova/+bug/1269418
