Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 22 Apr 2014 15:15:03 +0200
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-014] Neutron security groups bypass through invalid CIDR
 (CVE-2014-0187)

OpenStack Security Advisory: 2014-014
CVE: CVE-2014-0187
Date: April 22, 2014
Title: Neutron security groups bypass through invalid CIDR
Reporters: Stephen Ma (HP) and Christoph Thiel (Deutsche Telekom)
Products: Neutron
Versions: 2013.1 to 2013.2.3, and 2014.1

Description:
Stephen Ma from Hewlett Packard and Christoph Thiel from Deutsche
Telekom reported a vulnerability in Neutron security groups. By creating
a security group rule with an invalid CIDR, an authenticated user may
break openvswitch-agent process, preventing further rules from being
applied on the host. Note: removal of the faulty rule is not enough, the
openvswitch-agent must be restarted. All Neutron setups using Open
vSwitch are affected.

Juno (development branch) fix:
https://review.openstack.org/59212

Icehouse fix:
https://review.openstack.org/88674

Havana fix:
https://review.openstack.org/88057

Notes:
This fix will be included in the juno-1 development milestone and in
future 2013.2.4 and 2014.1.1 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0187
https://launchpad.net/bugs/1300785

-- 
Tristan Cacqueray
OpenStack Vulnerability Management Team




[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ