RedHatEnterpriseVirtualizationManagerMoveDisk target domain permission check insufficient Denial of Service Vulnerability

Release date: Updated: Affected System: RedHatEnterpriseVirtualizationManager3.0 Description: describugtraqid: 57750CVE (C

Release date:
Updated on: 2013-02-27

Affected Systems:
RedHat Enterprise Virtualization Manager 3.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57750
CVE (CAN) ID: CVE-2013-0168
 
Red Hat Enterprise Virtualization Manager is a virtual tool used to centrally manage Virtual Server sets running on Red Hat Enterprise Linux and Microsoft Windows.

The Red Hat Enterprise Virtualization alization Manager 3.1 and other versions of the MoveDisk command Check the security vulnerability in the method of the target storage domain. Authorized users can exploit this vulnerability to consume available space on the target domain and cause denial of service.
 
<* Source: Ondrej Machacek

Link: https://bugzilla.redhat.com/show_bug.cgi? CVE-2013-0168
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
RedHat
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://www.redhat.com/apps/support/errata/index.html