CVE-2014-9684

Опубликовано: 19 фев. 2015

Источник: redhat

CVSS2: 2.3

Описание

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of service via resource exhaustion.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	openstack-glance	Not affected
Red Hat OpenStack Platform 4	openstack-glance	Not affected
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7	openstack-glance	Fixed	RHSA-2015:0938	05.05.2015
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7	python-glance-store	Fixed	RHSA-2015:0938	05.05.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1194697openstack-glance: potential resource exhaustion and denial of service using images manipulation API

2.3 Low

CVSS2