CVE-2015-3241
EPSS 2.0%OpenStack Nova instance migration process does not stop when instance is deleted
Published: 5/14/2022Modified: 11/28/2024
Description
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
Affected packages (2)
- Debian/novafrom 0, < 1:12.0.0-2
- PyPI/novafrom 0, < 112.0.0.0b3
References (16)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-3241
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3241
- PATCHhttps://github.com/openstack/nova
- WEBhttp://rhn.redhat.com/errata/RHSA-2015-1723.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2015-1898.html
- WEBhttps://access.redhat.com/errata/RHSA-2015:1723
- WEBhttps://access.redhat.com/errata/RHSA-2015:1898
- WEBhttps://access.redhat.com/security/cve/CVE-2015-3241
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1232782
- WEBhttps://github.com/openstack/nova/commit/7ab75d5b0b75fc3426323bef19bf436a258b9707
- WEBhttps://github.com/openstack/nova/commit/b5020a047fc487f35b76fc05f31e52665a1afda1
- WEBhttps://github.com/openstack/nova/commit/bf23643e36c8764b4bd532546a2cc04385fe0cff
- WEBhttps://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
- WEBhttps://launchpad.net/bugs/1387543
- WEBhttps://security.openstack.org/ossa/OSSA-2015-015.html
- WEBhttp://www.securityfocus.com/bid/75372