Date: Tue, 14 Jun 2016 06:56:16 +0000
From: Tristan Cacqueray <>
Subject: [OSSA-2016-009] Neutron IPTables firewall anti-spoof protection
 bypass (CVE-2016-5362, CVE-2016-5363, CVE-2015-8914)

OSSA-2016-009: Neutron IPTables firewall anti-spoof protection bypass

:Date: June 14, 2016
:CVE: CVE-2016-5362 (DHCP spoofing),
      CVE-2016-5363 (MAC source address spoofing),
      CVE-2015-8914 (ICMPv6 source address spoofing)

- Neutron: <=7.0.4, >=8.0.0 <=8.1.0

Romain Aviolat from Nagravision and Dustin Lundquist from Blue Box
Group, Inc independently reported vulnerabilities in Neutron anti-
spoof protection. By forging DHCP discovery messages or non-IP
traffic, such as ARP or ICMPv6, an instance may spoof IP or MAC source
addresses on attached networks, resulting in denial of service and/or
traffic interception. Moreover, when L2population isn't used, other
tenants attached to a shared network are also vulnerable. Neutron
setups using the IPTables firewall driver are affected.

- (MAC)    (Liberty)
- (DHCP)   (Liberty)
- (ICMPv6) (Liberty)
- (MAC)    (Mitaka)
- (DHCP)   (Mitaka)
- (ICMPv6) (Mitaka)
- (MAC)    (Newton)
- (DHCP)   (Newton)
- (ICMPv6) (Newton)

- Romain Aviolat from Nagravision           (CVE-2015-8914)
- Dustin Lundquist from Blue Box Group, Inc (CVE-2016-5362,

- (ICMPv6)

Tristan Cacqueray
OpenStack Vulnerability Management Team
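
An exposure check for the two conditions the advisory states (affected Neutron version range, IPTables firewall driver in use), added here as an example and not part of the advisory or of Neutron itself. It assumes the driver is set through the firewall_driver option in the [securitygroup] section of the agent configuration and treats any value containing "iptables" as the IPTables driver; the sample configuration is constructed.

```python
import configparser
import re

# Affected ranges as stated in the advisory: <=7.0.4, >=8.0.0 <=8.1.0
AFFECTED = [((0, 0, 0), (7, 0, 4)), ((8, 0, 0), (8, 1, 0))]


def parse_version(text):
    """Return the leading X.Y.Z of a version string as a tuple of ints."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(p) for p in m.groups())


def version_affected(text):
    """True if the version falls inside one of the advisory's ranges."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def uses_iptables_driver(agent_ini):
    """True if [securitygroup] firewall_driver names an iptables driver.

    Assumption: any value containing "iptables" (short alias or full
    class path) selects the IPTables firewall driver.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(agent_ini)
    driver = cp.get("securitygroup", "firewall_driver", fallback="")
    return "iptables" in driver.lower()


def exposed(version, agent_ini):
    """Both advisory conditions hold: affected version and iptables driver."""
    return version_affected(version) and uses_iptables_driver(agent_ini)


# Constructed sample agent configuration (not from the advisory).
SAMPLE_INI = """
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""

if __name__ == "__main__":
    for ver in ("7.0.4", "7.0.5", "8.1.0", "8.1.1"):
        print(ver, "exposed" if exposed(ver, SAMPLE_INI) else "not exposed")
```

Only the leading X.Y.Z of the version string is compared, so distribution packages that backport the fixes without changing the upstream version number need to be checked against the vendor's own advisory.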
