26 matches found
EUVD-2019-0090
Malware in sbrugna...
EUVD-2012-0019
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-0167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nova EC2 API security group implementation in OpenStack Compute Nova 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies...
SUSE CVE-2012-2101
Openstack Compute Nova Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service CPU and hard drive consumption via a network request that triggers a large number of iptables rules...
SUSE CVE-2019-9735
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
GHSA-HQ3F-9GF7-73R8 Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
Openstack Compute Nova Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service CPU and hard drive consumption via a network request that triggers a large number of iptables rules...
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
Openstack Compute Nova Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service CPU and hard drive consumption via a network request that triggers a large number of iptables rules...
GHSA-JR9M-V5QH-MH2J OpenStack Neutron overlapping security group rules prevents compute node network configuration
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those...
GHSA-9773-3FQG-8W25 OpenStack Neutron's unsupported dport option prevents applying security groups
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
Automated remediation level 4: Actual automation
Let’s get to automatically remediating already! This entry will be the last in our series based on The 4 Levels of Automated Remediation. After the previous 3 steps—where we discussed everything from logging to best practices to account hygiene—it’s time to talk about the actions that really let...
Security Bulletin: PowerVC is impacted by an OpenStack Neutron vulnerability related to security group rules (CVE-2019-10876)
Summary OpenStack Neutron is vulnerable to a denial of service, caused by a flaw in the neutron-openvswitch-agent. By creating two security groups with separate/overlapping port ranges, a remote authenticated attacker could exploit this vulnerability to prevent Neutron from being able to configur...
USN-4036-1 neutron vulnerability
Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly handled certain security group rules in the iptables firewall module. An authenticated attacker could possibly use this issue to block further application of security group rules for other instances...
Moderate: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 14 bug fix and enhancement advisory
Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 14.0 Rocky for RHEL 7. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud running on commonly available...
CVE-2019-9735
A validation flaw was discovered in the iptables firewall module in OpenStack Neutron. By setting a destination port in a security group rule, along with a protocol that does not support that option for example, VRRP, an authenticated user could block further application of security group rules f...
PYSEC-2019-190
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
CVE-2019-9735
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
CVE-2019-9735
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
Anti-Spoofing Controls Bypass
openstack-neutron is vulnerable to anti-spoofing controls bypass. Authenticated users using the ML2 plugin or the security groups AMQP API are able to set the deviceowner field to an arbitrary value starting with network: on networks they do not own. Setting the affected field before the security...
USN-2255-1 neutron vulnerabilities
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used to escalate privileges. CVE-2013-6433 Stephen Ma and Christoph Thiel discovered that the...
CVE-2012-2101
Openstack Compute Nova Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service CPU and hard drive consumption via a network request that triggers a large number of iptables rules...