CVE-2014-9623 - OpenCVE

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Openstack
Openstack	Image Registry And Delivery Service \(glance\)

Configuration 1 [-]

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\)::::::::
	cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.2:::::::*
	cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.2:rc1::::::
	cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.2:rc2::::::
	cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2014.2:rc3::::::

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2015-0644.html
http://rhn.redhat.com/errata/RHSA-2015-0837.html
http://rhn.redhat.com/errata/RHSA-2015-0838.html
http://secunia.com/advisories/62165
http://www.openwall.com/lists/oss-security/2015/01/18/4
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://bugs.launchpad.net/glance/+bug/1383973
https://bugs.launchpad.net/glance/+bug/1398830	Exploit
https://security.openstack.org/ossa/OSSA-2015-003.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-01-23T15:00:00

Updated: 2016-12-05T22:57:01

Reserved: 2015-01-18T00:00:00

Link: CVE-2014-9623

JSON object: View

NVD Information

Status : Modified

Published: 2015-01-23T15:59:06.537

Modified: 2016-12-07T03:01:39.207

Link: CVE-2014-9623

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-16T00:00:00", "descriptions": [{"lang": "en", "value": "OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2015:0838", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"}, {"name": "RHSA-2015:0644", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"}, {"name": "62165", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62165"}, {"name": "RHSA-2015:0837", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/glance/+bug/1383973"}, {"name": "[oss-security] 20150118 Re: CVE request for vulnerability in OpenStack Glance", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/glance/+bug/1398830"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9623", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2015:0838", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"}, {"name": "RHSA-2015:0644", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"}, {"name": "62165", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62165"}, {"name": "RHSA-2015:0837", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"name": "https://bugs.launchpad.net/glance/+bug/1383973", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/glance/+bug/1383973"}, {"name": "[oss-security] 20150118 Re: CVE request for vulnerability in OpenStack Glance", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"}, {"name": "https://bugs.launchpad.net/glance/+bug/1398830", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/glance/+bug/1398830"}, {"name": "https://security.openstack.org/ossa/OSSA-2015-003.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9623", "datePublished": "2015-01-23T15:00:00", "dateReserved": "2015-01-18T00:00:00", "dateUpdated": "2016-12-05T22:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "43629DD7-3510-4639-812E-7F09642B6B21", "versionEndIncluding": "2014.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:*:*:*:*:*:*:*", "matchCriteriaId": "072E34B9-5979-4291-B1D2-762A7C515641", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D7D19295-250D-4577-95A3-94E71789C639", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "81CC384F-0D8D-4119-B3CD-4B585DBDF267", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "625B1FA7-E7F3-4F1D-B58D-E23BAE4B1DC9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state."}, {"lang": "es", "value": "OpenStack Glance 2014.2.x hasta la versi\u00f3n 2014.2.1, 2014.1.3 y versiones anteriores permite a usuarios remotos autenticados eludir la cuota de almacenamiento y causar una denegaci\u00f3n de servicio (consumo de disco) mediante el borrado de una imagen en el estado de ahorro."}], "id": "CVE-2014-9623", "lastModified": "2016-12-07T03:01:39.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-23T15:59:06.537", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/62165"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"}, {"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/glance/+bug/1383973"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/glance/+bug/1398830"}, {"source": "cve@mitre.org", "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}