CVE-2013-0168 - OpenCVE

The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Virtualization Manager

Configuration 1 [-]

OR	cpe:2.3:a:redhat:enterprise_virtualization_manager::::::::
	cpe:2.3:a:redhat:enterprise_virtualization_manager:2.1:::::::*
	cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2:::::::*
	cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2.3:::::::*
	cpe:2.3:a:redhat:enterprise_virtualization_manager:3.0:::::::*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2013-0211.html	Vendor Advisory
http://www.securityfocus.com/bid/57750
http://www.securitytracker.com/id/1028076
https://bugzilla.redhat.com/show_bug.cgi?id=893355
https://exchange.xforce.ibmcloud.com/vulnerabilities/81834

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-03-12T22:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-12-06T00:00:00

Link: CVE-2013-0168

JSON object: View

NVD Information

Status : Modified

Published: 2013-03-12T23:55:01.667

Modified: 2017-08-29T01:32:59.603

Link: CVE-2013-0168

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB817120-05C6-4FE3-9723-285019C83363", "versionEndIncluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B952D9C-5ACF-42A4-B249-94E7B5CE0494", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B84D669D-C083-48FA-A65E-838A904C25C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "3D562BFD-4E6C-441F-A41D-9FB5EB1D01C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_virtualization_manager:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F37CD62-39B8-4CF8-94A0-3D0C1D652DDF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors."}, {"lang": "es", "value": "El comando MoveDisk en Red Hat Enterprise Virtualization Manager (RHEV-M) v3.1 y anteriores, no valida adecuadamente los permisos en los dominios de almacenamiento, lo que permite a administradores de almacenamiento autenticados remotamente provocar una denegaci\u00f3n de servicio (agotamiento del espacio libre sobre otros dominios de almacenamiento) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-0168", "lastModified": "2017-08-29T01:32:59.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-12T23:55:01.667", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0211.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57750"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1028076"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=893355"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81834"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}