7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
openstack-neutron is vulnerable to privilege escalation attacks. The vulnerability exists as the default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.
CPE | Name | Operator | Version |
---|---|---|---|
openstack-neutron | eq | 2013.2.2__5.el6ost | |
openstack-neutron | eq | 2013.2.2__1.el6ost | |
openstack-neutron | eq | 2013.2.1__4.el6ost |
rhn.redhat.com/errata/RHSA-2014-0516.html
secunia.com/advisories/59533
www.ubuntu.com/usn/USN-2255-1
access.redhat.com/security/updates/classification/#moderate
access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html
bugzilla.redhat.com/show_bug.cgi?id=1036523
bugzilla.redhat.com/show_bug.cgi?id=1039812
bugzilla.redhat.com/show_bug.cgi?id=1050962
bugzilla.redhat.com/show_bug.cgi?id=1051028
bugzilla.redhat.com/show_bug.cgi?id=1051036
bugzilla.redhat.com/show_bug.cgi?id=1051444
bugzilla.redhat.com/show_bug.cgi?id=1060709
bugzilla.redhat.com/show_bug.cgi?id=1060711
bugzilla.redhat.com/show_bug.cgi?id=1071891
bugzilla.redhat.com/show_bug.cgi?id=1075833
bugzilla.redhat.com/show_bug.cgi?id=1076994
bugzilla.redhat.com/show_bug.cgi?id=1077487
bugzilla.redhat.com/show_bug.cgi?id=1080071
bugzilla.redhat.com/show_bug.cgi?id=1081159
bugzilla.redhat.com/show_bug.cgi?id=1084535
bugzilla.redhat.com/show_bug.cgi?id=1086077
bugzilla.redhat.com/show_bug.cgi?id=1098578
rhn.redhat.com/errata/RHSA-2014-0516.html