935017 – (CVE-2015-3241) VUL-0: CVE-2015-3241: openstack-nova: migration process does not stop when instance is deleted

Bug 935017 (CVE-2015-3241) - VUL-0: CVE-2015-3241: openstack-nova: migration process does not stop when instance is deleted

Summary: VUL-0: CVE-2015-3241: openstack-nova: migration process does not stop when in...

Status:	RESOLVED FIXED

Alias:	CVE-2015-3241

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:NVD:CVE-2015-3241:6.8:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-06-17 07:20 UTC by Andreas Stieger
Modified:	2018-10-19 18:36 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2015-06-17 07:20:00 UTC

This is an advance warning of a vulnerability discovered in OpenStack,
to give you, as downstream stakeholders, a chance to coordinate the
release of fixes and reduce the vulnerability window. Unfortunately the
bug detail has been revealed in a public review, we figured you might
appreciate a bit of heads-up.

Title: Nova instance migration process does not stop when instance is
       deleted
Reporter: George Shuklin (Webzilla LTD)
Products: Nova
Affects: versions through 2014.1.4, and 2014.2 versions through
         2014.2.3, and version 2015.1.0

Description:
George Shuklin from Webzilla LTD reported a vulnerability in Nova
migration process. By resizing and deleting an instance repeatedly an
authenticated user may overcome his quota and overload Nova compute
nodes resulting in a denial of service attack. All Nova setups are affected.

Bug report:
https://launchpad.net/bugs/1387543

CVE: CVE-2015-3241

Comment 2 Marcus Meissner 2015-06-17 12:12:17 UTC

but actually launchpad has the bug open, so lets keep this bug also open.

Comment 3 Swamp Workflow Management 2015-06-17 22:00:15 UTC

bugbot adjusting priority

Comment 5 Vincent Untz 2015-10-13 12:01:39 UTC

Submitted in mr#74061.

Comment 6 Swamp Workflow Management 2015-12-07 18:11:01 UTC

SUSE-SU-2015:2219-1: An update that solves three vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 927625,935017,942457,944178,945923,949070,949529
CVE References: CVE-2015-3241,CVE-2015-3280,CVE-2015-7713
Sources used:
SUSE OpenStack Cloud 5 (src):    openstack-nova-2014.2.4~a0~dev80-20.1, openstack-nova-doc-2014.2.4~a0~dev80-20.1

Comment 7 Swamp Workflow Management 2015-12-07 18:12:34 UTC

SUSE-SU-2015:2220-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 927625,935017,935263,939691,942457,943648,944178,945923,948704,949070,949529
CVE References: CVE-2015-3221,CVE-2015-3241,CVE-2015-3280,CVE-2015-5240,CVE-2015-7713
Sources used:
SUSE OpenStack Cloud Compute 5 (src):    openstack-neutron-2014.2.4~a0~dev103-10.3, openstack-nova-2014.2.4~a0~dev80-14.1, python-python-memcached-1.54-2.1

Comment 8 Marcus Meissner 2015-12-08 14:10:19 UTC

released