OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2015-1723.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2015-1898.html | Third Party Advisory |
http://www.securityfocus.com/bid/75372 | Third Party Advisory VDB Entry |
https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml | Third Party Advisory |
https://launchpad.net/bugs/1387543 | Third Party Advisory |
https://security.openstack.org/ossa/OSSA-2015-015.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 00:48
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance. |
02 Feb 2023, 20:20
Type | Values Removed | Values Added |
---|---|---|
Summary | A denial of service flaw was found in the OpenStack Compute (nova) instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an instance. | |
References |
|
Information
Published : 2015-09-08 15:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-3241
Mitre link : CVE-2015-3241
CVE.ORG link : CVE-2015-3241
JSON object : View
Products Affected
openstack
- nova
CWE
CWE-399
Resource Management Errors