Lucene search
Veracode Vulnerability DatabaseVERACODE:21400HistoryAug 29, 2019 - 6:58 a.m.
Information Disclosure
2019-08-2906:58:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0.004
Percentile
75.0%
os-vif is vulnerable to information disclosure. Users are able to view content of packets for instances belonging to other tenants sharing the same network. This is due to a hard-coded MAC aging time of 0 which disables MAC learning in linuxbridge and forces obligatory Ethernet flooding of non-local destinations.
References
www.openwall.com/lists/oss-security/2019/08/29/2
bugs.launchpad.net/os-vif/+bug/1837252
github.com/openstack/os-vif/commit/d29c6e77657eda4e8101c655a1e9407a171c413e
launchpad.net/bugs/1837252
review.opendev.org/#/c/672834/
review.opendev.org/#/c/678098/
review.opendev.org/672834
review.opendev.org/678098
security.openstack.org/ossa/OSSA-2019-004.html
Related
osv
osv
CVE-2019-15753
2019-08-28 21:15:10
redhatcve
redhatcve
CVE-2019-15753
2019-08-30 01:58:27
ubuntucve
ubuntucve
CVE-2019-15753
2019-08-28 00:00:00
nvd
nvd
CVE-2019-15753
2019-08-28 21:15:10
debiancve
debiancve
CVE-2019-15753
2019-08-28 21:15:10
cvelist
cvelist
CVE-2019-15753
2019-08-28 20:33:39
prion
prion
Hardcoded credentials
2019-08-28 21:15:00
cve
cve
CVE-2019-15753
2019-08-28 21:15:10
github
github
OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning
2022-05-24 16:55:04