9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
openstack-neutron is vulnerable to authorization bypass. An authenticated user is able to bypass security group restrictions with an invalid CIDR to add a security group rule which would cause the openvswitch-agent process to fail and prevent further rules from being applied.
lists.opensuse.org/opensuse-updates/2014-08/msg00035.html
secunia.com/advisories/59533
www.openwall.com/lists/oss-security/2014/04/22/8
www.ubuntu.com/usn/USN-2255-1
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/neutron/+bug/1300785
bugzilla.redhat.com/show_bug.cgi?id=1108549
bugzilla.redhat.com/show_bug.cgi?id=1115406
rhn.redhat.com/errata/RHSA-2014-0899.html