You are here

CVE-2013-0168

Vincent (CVE) Danen's picture
The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors.

Details Source

Mitre

Public Date

2013-02-04 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-0168 rhev-m: insufficient MoveDisk target domain permission checks

Bugzilla ID

893 355

CVSS Status

verified

Base Score

1.70

Base Metrics

AV:L/AC:L/Au:S/C:N/I:N/A:P

Acknowledgements

This issue was discovered by Ondrej Machacek of Red Hat.

Red Hat Security Errata

Platform Errata Release Date
RHEV-M for Servers (org.ovirt.engine-root) RHSA-2013:0211 2013-02-04

Affected Packages State

Platform Package State
Red Hat Enterprise Virtualization Manager 2 ovirt-engine-backend Not affected
RHEV-M for Servers ovirt-engine-backend Affected