Back to bug 1934330
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Summer Long | 2021-03-03 01:47:56 UTC | CC | srevivo | |
| Summer Long | 2021-03-03 01:48:14 UTC | Depends On | 1934331 | |
| Summer Long | 2021-03-03 01:49:47 UTC | Depends On | 1934332, 1934333 | |
| Summer Long | 2021-03-03 01:51:14 UTC | CC | skaplons | |
| Summer Long | 2021-03-05 01:35:49 UTC | Summary | openstack-neutron: Anti-spoofing bypass using Open vSwitch | CVE-2021-20267 CVE-2021-20267 openstack-neutron: Anti-spoofing bypass using Open vSwitch |
| Alias | CVE-2021-20267 | |||
| Summer Long | 2021-03-05 02:33:13 UTC | Doc Text | A flaw was found in openstack-neutron where, when using OpenvSwitch, ICMPv6 packet origin was not verified. This meant that a machine in the same layer 2 network could forge requests. A remote attacker could exploit this flaw to spoof address origin and misdirect traffic. | |
| Summary | CVE-2021-20267 CVE-2021-20267 openstack-neutron: Anti-spoofing bypass using Open vSwitch | CVE-2021-20267 openstack-neutron: Anti-spoofing bypass using Open vSwitch | ||
| RaTasha Tillery-Smith | 2021-03-05 14:42:47 UTC | Doc Text | A flaw was found in openstack-neutron where, when using OpenvSwitch, ICMPv6 packet origin was not verified. This meant that a machine in the same layer 2 network could forge requests. A remote attacker could exploit this flaw to spoof address origin and misdirect traffic. | A flaw was found in openstack-neutron where, when using OpenvSwitch, the ICMPv6 packet origin was not verified. When this occurs, a machine in the same layer of two networks can forge requests. This flaw allows a remote attacker to spoof the address origin and misdirect traffic. The highest threat from this vulnerability is to system confidentiality and system availability. |
| Summer Long | 2021-03-08 04:49:10 UTC | Doc Text | A flaw was found in openstack-neutron where, when using OpenvSwitch, the ICMPv6 packet origin was not verified. When this occurs, a machine in the same layer of two networks can forge requests. This flaw allows a remote attacker to spoof the address origin and misdirect traffic. The highest threat from this vulnerability is to system confidentiality and system availability. | A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project |
| Michael Kaplan | 2021-05-26 15:44:18 UTC | Fixed In Version | openstack-neutron 15.3.3, openstack-neutron 16.3.1, openstack-neutron 17.1.1 | |
| Red Hat Bugzilla | 2021-05-30 14:53:24 UTC | CC | chrisw | |
| Summer Long | 2021-05-31 23:10:56 UTC | Fixed In Version | openstack-neutron 15.3.3, openstack-neutron 16.3.1, openstack-neutron 17.1.1 | neutron 15.3.3, neutron 16.3.1, neutron 17.1.1 |
| Jeff Fearn 🐞 | 2021-06-03 12:21:08 UTC | CC | chrisw | |
| Slawek Kaplonski | 2021-06-09 10:34:55 UTC | Status | NEW | MODIFIED |
| Assaf Muller | 2021-06-15 17:28:18 UTC | CC | amuller | |
| Red Hat Bugzilla | 2021-06-22 00:28:10 UTC | CC | dbecker | |
| Lon Hohberger | 2021-07-09 17:20:22 UTC | CC | rhos-maint | |
| Nick Tait | 2021-07-29 22:52:33 UTC | Doc Text | A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project | A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch firewall driver are affected. Source: OpenStack project |
| Summer Long | 2021-09-12 06:43:04 UTC | CC | dbecker, rhos-maint | |
| Summer Long | 2021-09-12 06:43:31 UTC | Depends On | 2003423 | |
| Red Hat Bugzilla | 2023-07-07 08:29:15 UTC | Assignee | security-response-team | nobody |
Back to bug 1934330