CVE-2015-0237

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

Configurations

Configuration 1

cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*

History

12 Feb 2023, 23:15

Type Values Removed Values Added
References
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1184716
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0888
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-0237
Summary
  • Removed: It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service.
  • Added: Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

02 Feb 2023, 20:19

Type Values Removed Values Added
References
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1184716
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0888
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-0237
Summary
  • Removed: Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.
  • Added: It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service.

Information

Published : 2015-05-01 15:59

Updated : 2023-12-10 11:31


NVD link : CVE-2015-0237

Mitre link : CVE-2015-0237

CVE.ORG link : CVE-2015-0237


Products Affected

redhat

  • enterprise_virtualization_manager

CWE

CWE-264

Permissions, Privileges, and Access Controls