ID: CVE-2014-0056
Type: cve
Reporter: cve@mitre.org
Modified: 2014-06-05T04:28:00
Description
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.
{"ubuntu": [{"lastseen": "2020-07-09T00:24:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0056"], "description": "Aaron Rosen discovered that OpenStack Neutron did not properly perform \nauthorization checks when creating ports when using plugins relying on the \nl3-agent. A remote authenticated attacker could exploit this to access the \nnetwork of other tenants.", "edition": 5, "modified": "2014-05-05T00:00:00", "published": "2014-05-05T00:00:00", "id": "USN-2194-1", "href": "https://ubuntu.com/security/notices/USN-2194-1", "title": "OpenStack Neutron vulnerability", "type": "ubuntu", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2017-12-04T11:17:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0056"], "description": "Check for the Version of neutron", "modified": "2017-12-01T00:00:00", "published": "2014-05-12T00:00:00", "id": "OPENVAS:841808", "href": "http://plugins.openvas.org/nasl.php?oid=841808", "type": "openvas", "title": "Ubuntu Update for neutron USN-2194-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2194_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for neutron USN-2194-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841808);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:13:06 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2014-0056\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:N/A:N\");\n script_name(\"Ubuntu Update for neutron USN-2194-1\");\n\n tag_insight = \"Aaron Rosen discovered that OpenStack Neutron did not properly\nperform authorization checks when creating ports when using plugins relying on\nthe l3-agent. 
A remote authenticated attacker could exploit this to access the\nnetwork of other tenants.\";\n\n tag_affected = \"neutron on Ubuntu 13.10\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2194-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2194-1/\");\n script_summary(\"Check for the Version of neutron\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-neutron\", ver:\"1:2013.2.3-0ubuntu1.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0056"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-05-12T00:00:00", "id": "OPENVAS:1361412562310841808", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841808", "type": "openvas", "title": "Ubuntu Update for neutron USN-2194-1", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n# $Id: gb_ubuntu_USN_2194_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for neutron USN-2194-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841808\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:13:06 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2014-0056\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:P/I:N/A:N\");\n script_name(\"Ubuntu Update for neutron USN-2194-1\");\n\n script_tag(name:\"affected\", value:\"neutron on Ubuntu 13.10\");\n script_tag(name:\"insight\", value:\"Aaron Rosen discovered that OpenStack Neutron did not properly\nperform authorization checks when creating ports when using plugins relying on\nthe l3-agent. 
A remote authenticated attacker could exploit this to access the\nnetwork of other tenants.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2194-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2194-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'neutron'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU13\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-neutron\", ver:\"1:2013.2.3-0ubuntu1.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-0056"], "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2194-1\r\nMay 05, 2014\r\n\r\nneutron vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n\r\nSummary:\r\n\r\nOpenStack Neutron would allow unintended access to other tenant networks.\r\n\r\nSoftware Description:\r\n- neutron: Openstack Virtual 
Network Service\r\n\r\nDetails:\r\n\r\nAaron Rosen discovered that OpenStack Neutron did not properly perform\r\nauthorization checks when creating ports when using plugins relying on the\r\nl3-agent. A remote authenticated attacker could exploit this to access the\r\nnetwork of other tenants.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n python-neutron 1:2013.2.3-0ubuntu1.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2194-1\r\n CVE-2014-0056\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/neutron/1:2013.2.3-0ubuntu1.1\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2014-05-07T00:00:00", "published": "2014-05-07T00:00:00", "id": "SECURITYVULNS:DOC:30693", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30693", "title": "[USN-2194-1] OpenStack Neutron vulnerability", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2013-6491", "CVE-2014-0056", "CVE-2014-0157", "CVE-2014-0006", "CVE-2014-0162"], "description": "Glance code execution, Neutron and Swift unauthorized access, Horizon crossite scripting, Quantum / Cinder / Oslo information leakage.", "edition": 1, "modified": "2014-05-07T00:00:00", "published": "2014-05-07T00:00:00", "id": "SECURITYVULNS:VULN:13750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13750", "title": "OpenStack multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.0, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2020-09-23T18:53:57", "description": "Aaron Rosen discovered that OpenStack Neutron did not properly perform\nauthorization checks when creating ports when using plugins relying on\nthe l3-agent. A remote authenticated attacker could exploit this to\naccess the network of other tenants.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2014-05-06T00:00:00", "title": "Ubuntu 13.10 : neutron vulnerability (USN-2194-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0056"], "modified": "2014-05-06T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "p-cpe:/a:canonical:ubuntu_linux:python-neutron"], "id": "UBUNTU_USN-2194-1.NASL", "href": "https://www.tenable.com/plugins/nessus/73884", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2194-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73884);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2014-0056\");\n script_bugtraq_id(66497);\n script_xref(name:\"USN\", value:\"2194-1\");\n\n script_name(english:\"Ubuntu 13.10 : neutron vulnerability (USN-2194-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Aaron Rosen discovered that OpenStack Neutron did not properly perform\nauthorization checks when creating ports when using plugins relying on\nthe l3-agent. A remote authenticated attacker could exploit this to\naccess the network of other tenants.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2194-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-neutron package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-neutron\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"13.10\", pkgname:\"python-neutron\", pkgver:\"1:2013.2.3-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-neutron\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:19", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6433", "CVE-2014-0056"], "description": "OpenStack Networking (neutron) is a pluggable, scalable, and API-driven\nsystem that provisions networking services to virtual machines. Its main\nfunction is to manage connectivity to and from virtual machines. As of Red\nHat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum'\nas the core component of OpenStack Networking.\n\nA flaw was found in the way OpenStack Networking performed authorization\nchecks on created ports. An authenticated user could potentially use this\nflaw to create ports on a router belonging to a different tenant, allowing\nunauthorized access to the network of other tenants. Note that only\nOpenStack Networking setups using plug-ins that rely on the l3-agent were\naffected. 
(CVE-2014-0056)\n\nIt was discovered that the default sudo configuration provided in OpenStack\nNetworking, which is specific to the openstack-neutron package shipped by\nRed Hat, did not correctly specify a configuration file for rootwrap,\npotentially allowing an unauthenticated user to escalate their privileges.\n(CVE-2013-6433)\n\nRed Hat would like to thank the OpenStack project for reporting\nCVE-2014-0056. Upstream acknowledges Aaron Rosen from VMware as the\noriginal reporter of CVE-2014-0056. The CVE-2013-6433 issue was discovered\nby Kashyap Chamarthy of Red Hat.\n\nThis update also fixes several bugs and adds enhancements. Documentation\nfor these changes is available in the Technical Notes document linked to\nin the References section.\n\nAll openstack-neutron users are advised to upgrade to these updated\npackages, which correct these issues and add these enhancements.\n", "modified": "2018-06-07T02:47:45", "published": "2014-05-29T04:00:00", "id": "RHSA-2014:0516", "href": "https://access.redhat.com/errata/RHSA-2014:0516", "type": "redhat", "title": "(RHSA-2014:0516) Moderate: openstack-neutron security, bug fix, and enhancement update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}]}