1258458 – (CVE-2015-5240) CVE-2015-5240 openstack-neutron: Firewall rules bypass through port update

Bug 1258458 (CVE-2015-5240) - CVE-2015-5240 openstack-neutron: Firewall rules bypass through port update

Summary: CVE-2015-5240 openstack-neutron: Firewall rules bypass through port update

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-5240
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1260495 1261385 1261386 1264272 1264273 1264274
Blocks:	1258461
TreeView+	depends on / blocked

Reported:	2015-08-31 12:43 UTC by Adam Mariš
Modified:	2023-05-12 10:31 UTC (History)
CC List:	25 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking (neutron). An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking deployments that used either the ML2 plug-in or a plug-in that relied on the security groups AMQP API were affected.
Clone Of:
Environment:
Last Closed:	2015-10-15 23:02:54 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:1909	0	normal	SHIPPED_LIVE	Moderate: openstack-neutron security and bug fix update	2015-10-15 20:09:00 UTC

Description Adam Mariš 2015-08-31 12:43:01 UTC

It was reported that a vulnerability was found in Neutron. By changing the device owner of an instance's port right after it is created, an authenticated user may prevent application of firewall rules and so avoid IP anti-spoofing controls. All Neutron setups using the ML2 plugin or a plugin that relies on the security groups AMQP API are affected. All Neutron setups using the ML2 plugin or a plugin that relies on the security groups AMQP API are affected.

Vulnerability affects versions through 2014.2.3 and 2015.1 versions through 2015.1.1

Acknowledgements:

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Kevin Benton from Mirantis as the original reporter.

Comment 10 Martin Prpič 2015-09-09 08:01:28 UTC

Public via:

http://www.openwall.com/lists/oss-security/2015/09/08/9

Comment 11 Adam Mariš 2015-09-09 08:44:38 UTC

Created openstack-neutron tracking bugs for this issue:

Affects: openstack-rdo [bug 1261385]
Affects: fedora-all [bug 1261386]

Comment 13 errata-xmlrpc 2015-10-15 16:09:32 UTC

This issue has been addressed in the following products:

  OpenStack 5 for RHEL 7
  OpenStack 5 for RHEL 6
  OpenStack 7 For RHEL 7
  OpenStack 6 for RHEL 7

Via RHSA-2015:1909 https://rhn.redhat.com/errata/RHSA-2015-1909.html

Note You need to log in before you can comment on or make changes to this bug.

abaron
amuller
aortega
apevec
ayoung
chrisw
dallan
gkotton
gmollett
jjoyce
jschluet
kbasil
lhh
lpeer
markmc
mburns
nyechiel
rbryant
sclewis
security-response-team
slinaber
slong
srevivo
tdecacqu
yeylon