Date: Fri, 10 Jun 2016 12:43:27 -0400 (EDT)
From: cve-assign@...re.org
To: tdecacqu@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request for vulnerability in OpenStack Neutron

> Title: Neutron IPTables firewall anti-spoof protection bypass

> independently reported vulnerabilities in Neutron
> anti-spoof protection. By forging DHCP discovery messages or non-IP
> traffic, such as ARP or ICMPv6, an instance may spoof IP or MAC source
> addresses on attached networks resulting in denial of services and/or
> traffic interception. Moreover, when L2population isn't used, other
> tenants attached to a shared network are also vulnerable. Neutron
> setups using the IPTables firewall driver are affected.

> The dhcp fix has been included in the 8.0.0 release and this
> request probably needs more than one CVE.

>> https://bugs.launchpad.net/neutron/+bug/1502933/comments/21

>> Just to be clear, the ICMPv6 source address spoof isn't addressed by
>> bug 1558658 patch (I39dc0e23fc118ede19ef2d986b29fc5a8e48ff78).

>> Since both issues abuse the same fundamental flaw, it seems like a
>> good opportunity to bundle both fixes in a single advisory.

>> However, because we need different patches, this will likely require 2
>> different CVE numbers...

> https://bugs.launchpad.net/bugs/1558658 (DHCP spoofing because the rule had only
>                                          -p udp -m udp --sport 68 --dport 67)

Use CVE-2016-5362.


> https://bugs.launchpad.net/bugs/1558658 (MAC source address spoofing)

Use CVE-2016-5363.


> https://bugs.launchpad.net/bugs/1502933 (ICMPv6 source address spoofing)

Use CVE-2015-8914.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
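As an added example (not part of this message or of the Neutron code), the following simplified model of a per-port anti-spoof chain shows why a DHCP exception that matches only on UDP ports 68/67, as quoted above, lets a packet with a forged MAC and IP skip the MAC/IP pair check, and how a pinned variant restores the check for everything except genuine discovery traffic. The pinned rule's exact form (requiring the 0.0.0.0 source and 255.255.255.255 destination), the port identity and the sample packets are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str          # "udp", "tcp", "icmp", ...
    sport: int = 0
    dport: int = 0

# Constructed identity of the Neutron port being protected.
PORT_MAC, PORT_IP = "fa:16:3e:00:00:01", "10.0.0.5"
def dhcp_ports_only(p):
    # The rule as quoted in the request: "-p udp -m udp --sport 68 --dport 67".
    # It matches on ports only, so source MAC and IP are never examined.
    return p.proto == "udp" and p.sport == 68 and p.dport == 67
def dhcp_pinned(p):
    # Assumed fix shape: the DHCP exception only covers the unspecified source
    # sent to broadcast (i.e. "-s 0.0.0.0/32 -d 255.255.255.255/32" added).
    return (dhcp_ports_only(p) and p.src_ip == "0.0.0.0"
            and p.dst_ip == "255.255.255.255")
def mac_ip_pair(mac, ip):
    # Models "-m mac --mac-source <mac> -s <ip> -j RETURN" for the port's own pair.
    return lambda p: p.src_mac == mac and p.src_ip == ip
def evaluate(chain, pkt):
    """First matching rule decides; as in a spoof chain ending in DROP, no match means DROP."""
    for predicate, verdict in chain:
        if predicate(pkt):
            return verdict
    return "DROP"

def build_chain(dhcp_rule):
    # The DHCP exception precedes the MAC/IP pair check, so whatever it
    # RETURNs never reaches that check.
    return [(dhcp_rule, "RETURN"), (mac_ip_pair(PORT_MAC, PORT_IP), "RETURN")]

VULNERABLE = build_chain(dhcp_ports_only)
HARDENED = build_chain(dhcp_pinned)

# Constructed sample traffic from the instance behind the port.
LEGIT = Packet(PORT_MAC, PORT_IP, "10.0.0.9", "tcp", 41000, 80)
DISCOVER = Packet(PORT_MAC, "0.0.0.0", "255.255.255.255", "udp", 68, 67)
RENEW = Packet(PORT_MAC, PORT_IP, "10.0.0.2", "udp", 68, 67)      # unicast to server
FORGED = Packet("fa:16:3e:ff:ff:ff", "10.0.0.1", "10.0.0.9", "udp", 68, 67)

def audit(pkt):
    """Return {'vulnerable': verdict, 'hardened': verdict} for one packet."""
    return {"vulnerable": evaluate(VULNERABLE, pkt), "hardened": evaluate(HARDENED, pkt)}
```

Running `audit(FORGED)` shows the forged-source packet accepted by the ports-only chain and dropped by the pinned one, while legitimate traffic, discovery and unicast renewal pass both.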
