If an authenticated user deletes an instance while it is in resize state, it will cause the original instance to not be deleted from the compute node it was running on. An attacker can use this to launch a denial of service attack. All Nova setups are affected.
CVE(s): CVE-2016-7498
Affected product(s) and affected version(s):
PowerVC Standard Edition 1.3.1.x
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iJI5jD
X-Force Database: http://ift.tt/2elF6ZI
The post IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Compute denial of service vulnerability (CVE-2016-7498) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2iJI6UJ
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.