Resource Management Errors Affecting nova package, versions <1:12.0.0-2
Snyk CVSS
Attack Complexity
Low
Availability
High
Threat Intelligence
EPSS
0.83% (82nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-NOVA-351647
- published 8 Sep 2015
- disclosed 8 Sep 2015
Introduced: 8 Sep 2015
CVE-2015-3241 Open this link in a new tabHow to fix?
Upgrade Debian:10 nova to version 1:12.0.0-2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream nova package and not the nova package as distributed by Debian.
See How to fix? for Debian:10 relevant fixed versions and status.
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
References
- https://security-tracker.debian.org/tracker/CVE-2015-3241
- https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml
- https://launchpad.net/bugs/1387543
- https://security.openstack.org/ossa/OSSA-2015-015.html
- http://rhn.redhat.com/errata/RHSA-2015-1723.html
- http://rhn.redhat.com/errata/RHSA-2015-1898.html
- http://www.securityfocus.com/bid/75372
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-3241
- https://access.redhat.com/errata/RHSA-2015:1723
- https://access.redhat.com/errata/RHSA-2015:1898
- https://access.redhat.com/security/cve/CVE-2015-3241
- https://bugzilla.redhat.com/show_bug.cgi?id=1232782