CVE-2014-2573

EUVD-2014-0037
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.3 UNKNOWN
ADJACENT_NETWORK
MEDIUM
AV:A/AC:M/Au:S/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
openstackcompute
2013.2
openstackcompute
2013.2.1
openstackcompute
2013.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nova
bookworm
2:26.2.2-1~deb12u3
fixed
bookworm (security)
2:26.2.2-1~deb12u3
fixed
bullseye
2:22.0.1-2+deb11u1
fixed
bullseye (security)
2:22.4.0-1~deb11u5
fixed
sid
2:30.0.0-1
fixed
trixie
2:30.0.0-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nova
lucid
dne
precise
not-affected
saucy
ignored
trusty
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/57498
http://www.openwall.com/lists/oss-security/2014/03/21/1
http://www.openwall.com/lists/oss-security/2014/03/21/2
https://bugs.launchpad.net/nova/+bug/1269418
http://secunia.com/advisories/57498
http://www.openwall.com/lists/oss-security/2014/03/21/1
http://www.openwall.com/lists/oss-security/2014/03/21/2
https://bugs.launchpad.net/nova/+bug/1269418