[OSSA 2014-017] nova rescue doesn't put VM into RESCUE status on vmware (CVE-2014-2573)
Bug #1269418 reported by
Jaroslav Henner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Gary Kotton | ||
Havana |
Fix Released
|
High
|
Gary Kotton | ||
Icehouse |
Fix Released
|
High
|
Gary Kotton | ||
OpenStack Security Advisory |
Fix Released
|
Medium
|
Jeremy Stanley | ||
VMwareAPI-Team |
In Progress
|
High
|
Unassigned |
Bug Description
nova rescue of VM on vmWare will create a additional VM ($ORIGINAL_
[root@jhenner-node ~(keystone_admin)]# nova unrescue foo
ERROR: Cannot 'unrescue' while instance is in vm_state stopped (HTTP 409) (Request-ID: req-792cabb2-
the original can be deleted, which then causes leaking of the -rescue VM.
CVE References
summary: |
- nova rescue doesn't put VM into RESCUE status when using VMwareVCDriver + VMware: nova rescue doesn't put VM into RESCUE status when using + VMwareVCDriver |
Changed in nova: | |
assignee: | nobody → Maithem (maithem) |
tags: |
added: compute removed: vmware |
Changed in openstack-vmwareapi-team: | |
status: | New → Confirmed |
Changed in nova: | |
importance: | Undecided → High |
Changed in openstack-vmwareapi-team: | |
importance: | Undecided → High |
Changed in nova: | |
milestone: | none → icehouse-rc1 |
Changed in nova: | |
assignee: | Maithem (maithem) → nobody |
Changed in ossa: | |
status: | Incomplete → Confirmed |
assignee: | nobody → Grant Murphy (gmurphy) |
importance: | Undecided → Medium |
Changed in ossa: | |
status: | Confirmed → Triaged |
Changed in openstack-vmwareapi-team: | |
status: | Confirmed → In Progress |
summary: |
- nova rescue doesn't put VM into RESCUE status on vmware + nova rescue doesn't put VM into RESCUE status on vmware (CVE-2014-2573) |
Changed in nova: | |
milestone: | icehouse-rc1 → none |
tags: | added: icehouse-rc-potential |
tags: |
added: icehouse-backport-potential removed: icehouse-rc-potential |
Changed in ossa: | |
assignee: | Grant Murphy (gmurphy) → Jeremy Stanley (fungi) |
tags: | removed: icehouse-backport-potential |
Changed in ossa: | |
status: | In Progress → Fix Committed |
summary: |
- nova rescue doesn't put VM into RESCUE status on vmware (CVE-2014-2573) + [OSSA 2014-017] nova rescue doesn't put VM into RESCUE status on vmware + (CVE-2014-2573) |
Changed in ossa: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | none → juno-1 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | juno-1 → 2014.2 |
To post a comment you must log in.
This doesn't seem to be a VC driver issue, I have tried this with the libvirt driver and the same problem happens. The state of the VM is not being set correctly.