CVSS2: 3.5 Low
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
openstack-neutron is vulnerable to anti-spoofing controls bypass. Authenticated users using the ML2 plugin or the security groups AMQP API are able to set the device_owner field to an arbitrary value starting with network: on networks they do not own. Setting the affected field before the security group rules are applied allows authenticated attackers to bypass the IP anti-spoofing controls.
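An added triage example (not part of the advisory or of Neutron's code): it flags ports whose device_owner starts with network: but whose tenant does not own the network, the condition described above. The port and network records are constructed samples using the Neutron API fields id, network_id, tenant_id and device_owner; the trusted_tenants parameter and all sample values are assumptions.

```python
# Added example: audit port records for device_owner values in the reserved
# "network:" namespace that were set by a tenant who does not own the network.
# A hit is a lead for review, not proof that anti-spoofing was bypassed.

RESERVED_PREFIX = "network:"

# Constructed sample data shaped like Neutron port/network listings.
SAMPLE_NETWORKS = [{"id": "net-a", "tenant_id": "tenant-a"}]
SAMPLE_PORTS = [
    {"id": "p1", "network_id": "net-a", "tenant_id": "tenant-a",
     "device_owner": "network:dhcp"},
    {"id": "p2", "network_id": "net-a", "tenant_id": "tenant-b",
     "device_owner": "network:anything"},
    {"id": "p3", "network_id": "net-a", "tenant_id": "tenant-b",
     "device_owner": "compute:nova"},
    {"id": "p4", "network_id": "net-a", "tenant_id": "svc",
     "device_owner": "network:router_interface"},
    {"id": "p5", "network_id": "net-a", "tenant_id": "tenant-b",
     "device_owner": None},
]


def find_suspect_ports(ports, networks, trusted_tenants=frozenset()):
    """Return ports with a 'network:' device_owner whose tenant neither owns
    the network nor is listed in trusted_tenants (hypothetical parameter for
    admin/service tenants that legitimately create such ports)."""
    owner_by_net = {n["id"]: n["tenant_id"] for n in networks}
    suspects = []
    for port in ports:
        device_owner = port.get("device_owner") or ""
        if not device_owner.startswith(RESERVED_PREFIX):
            continue
        tenant = port.get("tenant_id")
        if tenant in trusted_tenants:
            continue
        net_owner = owner_by_net.get(port.get("network_id"))
        # A network missing from the listing cannot be checked, so report it.
        if net_owner is None or tenant != net_owner:
            suspects.append(port)
    return suspects


if __name__ == "__main__":
    for p in find_suspect_ports(SAMPLE_PORTS, SAMPLE_NETWORKS, {"svc"}):
        print(p["id"], p["tenant_id"], p["device_owner"])
```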
rhn.redhat.com/errata/RHSA-2015-1909.html
www.openwall.com/lists/oss-security/2015/09/08/9
access.redhat.com/errata/RHSA-2015:1909
access.redhat.com/security/cve/CVE-2015-5240
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/neutron/+bug/1489111
bugzilla.redhat.com/show_bug.cgi?id=1258458
bugzilla.redhat.com/show_bug.cgi?id=1266977
bugzilla.redhat.com/show_bug.cgi?id=1269201
security.openstack.org/ossa/OSSA-2015-018.html