Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 10 Jun 2016 15:07:19 +0000
From: Tristan Cacqueray <tdecacqu@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request for vulnerability in OpenStack Neutron

A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public, although
an advisory was not sent yet.

Title: Neutron IPTables firewall anti-spoof protection bypass
Reporter: Romain Aviolat (Nagravision) and
          Dustin Lundquist (Blue Box Group, Inc)
Products: Neutron
Affects: <=7.0.4, >=8.0.0 <=8.1.0

Description:
Romain Aviolat from Nagravision and Dustin Lundquist from
Blue Box Group, Inc independently reported vulnerabilities in Neutron
anti-spoof protection. By forging DHCP discovery messages or non-IP
traffic, such as ARP or ICMPv6, an instance may spoof IP or MAC source
addresses on attached networks resulting in denial of services and/or
traffic interception. Moreover when L2population isn't used, other
tenants attached to a shared network are also vulnerable. Neutron
setups using the IPTables firewall driver are affected.

References:
https://bugs.launchpad.net/bugs/1502933 (icmpv6)
https://bugs.launchpad.net/bugs/1558658 (mac, dhcp)

Note:
The dhcp fix has been included in the 8.0.0 release and this
request probably needs more than one CVE.

Thanks in advance,

--
Tristan Cacqueray
OpenStack Vulnerability Management Team


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ