Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2014-0187
Vulnerability from cvelistv5
Published
2014-04-28 14:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html"
},
{
"name": "[oss-security] 20140422 [OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/22/8"
},
{
"name": "59533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59533"
},
{
"name": "USN-2255-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2255-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/neutron/+bug/1300785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-11T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2014:1051",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html"
},
{
"name": "[oss-security] 20140422 [OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/22/8"
},
{
"name": "59533",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59533"
},
{
"name": "USN-2255-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2255-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/neutron/+bug/1300785"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0187",
"datePublished": "2014-04-28T14:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2013.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22D37364-1253-495F-A3E0-CA4CEFBF2587\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2013.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49D7F58E-536B-4E57-B02E-AB2A39AA4EAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2013.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81C24D0C-8F7B-48D3-825C-AC3ACD87F461\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2013.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0774CBBB-8DF6-468F-AFD9-0C0FE314FF10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2013.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CCC7C3A-8E5B-447B-B339-1328C6DDDF9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2013.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AE37F27-FCDA-413C-8A3C-B3ED56BB7A37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2013.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5EFDBB0-BCCD-42C4-ADFB-1C92BD5E9537\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2013.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6772F036-DD92-40C4-AAAA-227BD41162FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2013.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B90A2150-AAC4-468E-ABF6-59071E02D911\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2013.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B77F147E-3FD8-40C9-9BB0-C7F27EC1E59B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:neutron:2014.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EC034B0-18F8-4227-8EB3-F7109D2F8FC1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFAA48D9-BEB4-4E49-AD50-325C262D46D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A10BC294-9196-425F-9FB0-B1625465B47F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.\"}, {\"lang\": \"es\", \"value\": \"El proceso openvswitch-agent en OpenStack Neutron 2013.1 anterior a 2013.2.4 y 2014.1 anterior a 2014.1.1 permite a usuarios remotos autenticados evadir restricciones de seguridad de grupo a trav\\u00e9s de un CIDR invalido en una regla de seguridad de grupo, lo que previene que se aplican m\\u00e1s reglas.\"}]",
"id": "CVE-2014-0187",
"lastModified": "2024-11-21T02:01:35.487",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2014-04-28T14:09:06.237",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/59533\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2014/04/22/8\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2255-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugs.launchpad.net/neutron/+bug/1300785\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/59533\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2014/04/22/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2255-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.launchpad.net/neutron/+bug/1300785\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2014-0187\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-04-28T14:09:06.237\",\"lastModified\":\"2024-11-21T02:01:35.487\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.\"},{\"lang\":\"es\",\"value\":\"El proceso openvswitch-agent en OpenStack Neutron 2013.1 anterior a 2013.2.4 y 2014.1 anterior a 2014.1.1 permite a usuarios remotos autenticados evadir restricciones de seguridad de grupo a trav\u00e9s de un CIDR invalido en una regla de seguridad de grupo, lo que previene que se aplican m\u00e1s reglas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2013.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22D37364-1253-495F-A3E0-CA4CEFBF2587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2013.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49D7F58E-536B-4E57-B02E-AB2A39AA4EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2013.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C24D0C-8F7B-48D3-825C-AC3ACD87F461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2013.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0774CBBB-8DF6-468F-AFD9-0C0FE314FF10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2013.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CCC7C3A-8E5B-447B-B339-1328C6DDDF9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2013.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AE37F27-FCDA-413C-8A3C-B3ED56BB7A37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2013.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5EFDBB0-BCCD-42C4-ADFB-1C92BD5E9537\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2013.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6772F036-DD92-40C4-AAAA-227BD41162FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2013.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B90A2150-AAC4-468E-ABF6-59071E02D911\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2013.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77F147E-3FD8-40C9-9BB0-C7F27EC1E59B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:neutron:2014.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC034B0-18F8-4227-8EB3-F7109D2F8FC1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFAA48D9-BEB4-4E49-AD50-325C262D46D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59533\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/04/22/8\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2255-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugs.launchpad.net/neutron/+bug/1300785\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59533\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/04/22/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2255-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/neutron/+bug/1300785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
ghsa-x3fg-cp39-r4h6
Vulnerability from github
Published
2022-05-14 02:09
Modified
2022-05-14 02:09
Details
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.
{
"affected": [],
"aliases": [
"CVE-2014-0187"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-04-28T14:09:00Z",
"severity": "HIGH"
},
"details": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.",
"id": "GHSA-x3fg-cp39-r4h6",
"modified": "2022-05-14T02:09:22Z",
"published": "2022-05-14T02:09:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0187"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/neutron/+bug/1300785"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/59533"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/04/22/8"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2255-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
rhsa-2014_0899
Vulnerability from csaf_redhat
Published
2014-07-17 04:28
Modified
2024-11-22 08:06
Summary
Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update
Notes
Topic
Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.
The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE links in the References section.
Details
The openstack-neutron packages provide Openstack Networking (neutron), the virtual network service.
OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.
It was discovered that an authenticated user could add a security group rule with an invalid CIDR causing the openvswitch-agent process to fail and prevent further rules from being applied. (CVE-2014-0187)
It was discovered that an authenticated user could add an IPv6 private subnet to an L3 router causing L3-agent to break in a way that prevents further IPv4 addresses from being attached. Removal of the faulty network can only be done directly at the database level. Only Neutron setups using IPv6 and L3-agent are affected by this issue. (CVE-2014-4167)
This update also fixes several bugs and adds enhancements:
* Previously, running 'cloud-init' resulted in each instance sending requests to the metadata agent, which in turn queried Networking server.
Consequently, booting multiple concurrent instances resulted in metadata agent queries producing heavy load for 'neutron-server'.
This update addresses this issue by implementing a short lifetime cache for the metadata agent. Metadata agent now only queries Networking when data is not present in its cache, with the result of decreased load on Networking server during 'cloud-init' within instances. (BZ#1101494).
* With this update, Networking (neutron) packages now update the '/etc/sudoers.d/neutron' file. Consequently, any local changes have been relocated to the '/etc/sudoers.d/neutron.rpmsave' file, and will need to be merged back manually.
To avoid the need for manual updates in future, please apply local changes in a separate 'sudoers.d' file. (BZ#1115406)
* Previously, Networking would fail to reliably communicate with Qpid. This behavior was due to an incorrect message subject set in the Qpid layer used by Networking.
This update addresses this issue by setting a correct subject when sending a Qpid message. As a result, Networking now works reliably with the new Qpid server. (BZ#1108549)
All openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The openstack-neutron packages provide Openstack Networking (neutron), the virtual network service.\n\nOpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.\n\nIt was discovered that an authenticated user could add a security group rule with an invalid CIDR causing the openvswitch-agent process to fail and prevent further rules from being applied. (CVE-2014-0187)\n\nIt was discovered that an authenticated user could add an IPv6 private subnet to an L3 router causing L3-agent to break in a way that prevents further IPv4 addresses from being attached. Removal of the faulty network can only be done directly at the database level. Only Neutron setups using IPv6 and L3-agent are affected by this issue. (CVE-2014-4167)\n\nThis update also fixes several bugs and adds enhancements:\n\n* Previously, running \u0027cloud-init\u0027 resulted in each instance sending requests to the metadata agent, which in turn queried Networking server.\nConsequently, booting multiple concurrent instances resulted in metadata agent queries producing heavy load for \u0027neutron-server\u0027.\nThis update addresses this issue by implementing a short lifetime cache for the metadata agent. Metadata agent now only queries Networking when data is not present in its cache, with the result of decreased load on Networking server during \u0027cloud-init\u0027 within instances. (BZ#1101494).\n\n* With this update, Networking (neutron) packages now update the \u0027/etc/sudoers.d/neutron\u0027 file. Consequently, any local changes have been relocated to the \u0027/etc/sudoers.d/neutron.rpmsave\u0027 file, and will need to be merged back manually.\nTo avoid the need for manual updates in future, please apply local changes in a separate \u0027sudoers.d\u0027 file. (BZ#1115406)\n\n* Previously, Networking would fail to reliably communicate with Qpid. This behavior was due to an incorrect message subject set in the Qpid layer used by Networking.\nThis update addresses this issue by setting a correct subject when sending a Qpid message. As a result, Networking now works reliably with the new Qpid server. (BZ#1108549)\n\nAll openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0899",
"url": "https://access.redhat.com/errata/RHSA-2014:0899"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1090132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090132"
},
{
"category": "external",
"summary": "1108549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108549"
},
{
"category": "external",
"summary": "1110139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110139"
},
{
"category": "external",
"summary": "1115406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1115406"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0899.json"
}
],
"title": "Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T08:06:13+00:00",
"generator": {
"date": "2024-11-22T08:06:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2014:0899",
"initial_release_date": "2014-07-17T04:28:01+00:00",
"revision_history": [
{
"date": "2014-07-17T04:28:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-07-17T04:28:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T08:06:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:4::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-bigswitch@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-ryu@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-ml2@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-metering-agent@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-vpn-agent@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-brocade@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-mellanox@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-plumgrid@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-linuxbridge@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-openvswitch@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-metaplugin@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"product_id": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-neutron@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-nec@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-hyperv@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-nicira@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-midonet@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-cisco@2013.2.3-14.el6ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"product": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"product_id": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron@2013.2.3-14.el6ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src"
},
"product_reference": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0187",
"discovery_date": "2014-04-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1090132"
}
],
"notes": [
{
"category": "description",
"text": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-neutron: security groups bypass through invalid CIDR",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0187"
},
{
"category": "external",
"summary": "RHBZ#1090132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0187"
}
],
"release_date": "2014-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-17T04:28:01+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0899"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-neutron: security groups bypass through invalid CIDR"
},
{
"cve": "CVE-2014-4167",
"discovery_date": "2014-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1110139"
}
],
"notes": [
{
"category": "description",
"text": "The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-neutron: L3-agent denial of service through IPv6 subnet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4167"
},
{
"category": "external",
"summary": "RHBZ#1110139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4167",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4167"
}
],
"release_date": "2014-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-17T04:28:01+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0899"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-neutron: L3-agent denial of service through IPv6 subnet"
}
]
}
rhsa-2014:0899
Vulnerability from csaf_redhat
Published
2014-07-17 04:28
Modified
2024-11-22 08:06
Summary
Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update
Notes
Topic
Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.
The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE links in the References section.
Details
The openstack-neutron packages provide Openstack Networking (neutron), the virtual network service.
OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.
It was discovered that an authenticated user could add a security group rule with an invalid CIDR causing the openvswitch-agent process to fail and prevent further rules from being applied. (CVE-2014-0187)
It was discovered that an authenticated user could add an IPv6 private subnet to an L3 router causing L3-agent to break in a way that prevents further IPv4 addresses from being attached. Removal of the faulty network can only be done directly at the database level. Only Neutron setups using IPv6 and L3-agent are affected by this issue. (CVE-2014-4167)
This update also fixes several bugs and adds enhancements:
* Previously, running 'cloud-init' resulted in each instance sending requests to the metadata agent, which in turn queried Networking server.
Consequently, booting multiple concurrent instances resulted in metadata agent queries producing heavy load for 'neutron-server'.
This update addresses this issue by implementing a short lifetime cache for the metadata agent. Metadata agent now only queries Networking when data is not present in its cache, with the result of decreased load on Networking server during 'cloud-init' within instances. (BZ#1101494).
* With this update, Networking (neutron) packages now update the '/etc/sudoers.d/neutron' file. Consequently, any local changes have been relocated to the '/etc/sudoers.d/neutron.rpmsave' file, and will need to be merged back manually.
To avoid the need for manual updates in future, please apply local changes in a separate 'sudoers.d' file. (BZ#1115406)
* Previously, Networking would fail to reliably communicate with Qpid. This behavior was due to an incorrect message subject set in the Qpid layer used by Networking.
This update addresses this issue by setting a correct subject when sending a Qpid message. As a result, Networking now works reliably with the new Qpid server. (BZ#1108549)
All openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The openstack-neutron packages provide Openstack Networking (neutron), the virtual network service.\n\nOpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.\n\nIt was discovered that an authenticated user could add a security group rule with an invalid CIDR causing the openvswitch-agent process to fail and prevent further rules from being applied. (CVE-2014-0187)\n\nIt was discovered that an authenticated user could add an IPv6 private subnet to an L3 router causing L3-agent to break in a way that prevents further IPv4 addresses from being attached. Removal of the faulty network can only be done directly at the database level. Only Neutron setups using IPv6 and L3-agent are affected by this issue. (CVE-2014-4167)\n\nThis update also fixes several bugs and adds enhancements:\n\n* Previously, running \u0027cloud-init\u0027 resulted in each instance sending requests to the metadata agent, which in turn queried Networking server.\nConsequently, booting multiple concurrent instances resulted in metadata agent queries producing heavy load for \u0027neutron-server\u0027.\nThis update addresses this issue by implementing a short lifetime cache for the metadata agent. Metadata agent now only queries Networking when data is not present in its cache, with the result of decreased load on Networking server during \u0027cloud-init\u0027 within instances. (BZ#1101494).\n\n* With this update, Networking (neutron) packages now update the \u0027/etc/sudoers.d/neutron\u0027 file. Consequently, any local changes have been relocated to the \u0027/etc/sudoers.d/neutron.rpmsave\u0027 file, and will need to be merged back manually.\nTo avoid the need for manual updates in future, please apply local changes in a separate \u0027sudoers.d\u0027 file. (BZ#1115406)\n\n* Previously, Networking would fail to reliably communicate with Qpid. This behavior was due to an incorrect message subject set in the Qpid layer used by Networking.\nThis update addresses this issue by setting a correct subject when sending a Qpid message. As a result, Networking now works reliably with the new Qpid server. (BZ#1108549)\n\nAll openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0899",
"url": "https://access.redhat.com/errata/RHSA-2014:0899"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1090132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090132"
},
{
"category": "external",
"summary": "1108549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108549"
},
{
"category": "external",
"summary": "1110139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110139"
},
{
"category": "external",
"summary": "1115406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1115406"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0899.json"
}
],
"title": "Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T08:06:13+00:00",
"generator": {
"date": "2024-11-22T08:06:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2014:0899",
"initial_release_date": "2014-07-17T04:28:01+00:00",
"revision_history": [
{
"date": "2014-07-17T04:28:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-07-17T04:28:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T08:06:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:4::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-bigswitch@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-ryu@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-ml2@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-metering-agent@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-vpn-agent@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-brocade@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-mellanox@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-plumgrid@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-linuxbridge@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-openvswitch@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-metaplugin@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"product_id": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-neutron@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-nec@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-hyperv@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-nicira@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-midonet@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-cisco@2013.2.3-14.el6ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"product": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"product_id": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron@2013.2.3-14.el6ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src"
},
"product_reference": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0187",
"discovery_date": "2014-04-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1090132"
}
],
"notes": [
{
"category": "description",
"text": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-neutron: security groups bypass through invalid CIDR",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0187"
},
{
"category": "external",
"summary": "RHBZ#1090132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0187"
}
],
"release_date": "2014-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-17T04:28:01+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0899"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-neutron: security groups bypass through invalid CIDR"
},
{
"cve": "CVE-2014-4167",
"discovery_date": "2014-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1110139"
}
],
"notes": [
{
"category": "description",
"text": "The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-neutron: L3-agent denial of service through IPv6 subnet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4167"
},
{
"category": "external",
"summary": "RHBZ#1110139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4167",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4167"
}
],
"release_date": "2014-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-17T04:28:01+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0899"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-neutron: L3-agent denial of service through IPv6 subnet"
}
]
}
RHSA-2014:0899
Vulnerability from csaf_redhat
Published
2014-07-17 04:28
Modified
2024-11-22 08:06
Summary
Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update
Notes
Topic
Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.
The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE links in the References section.
Details
The openstack-neutron packages provide Openstack Networking (neutron), the virtual network service.
OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.
It was discovered that an authenticated user could add a security group rule with an invalid CIDR causing the openvswitch-agent process to fail and prevent further rules from being applied. (CVE-2014-0187)
It was discovered that an authenticated user could add an IPv6 private subnet to an L3 router causing L3-agent to break in a way that prevents further IPv4 addresses from being attached. Removal of the faulty network can only be done directly at the database level. Only Neutron setups using IPv6 and L3-agent are affected by this issue. (CVE-2014-4167)
This update also fixes several bugs and adds enhancements:
* Previously, running 'cloud-init' resulted in each instance sending requests to the metadata agent, which in turn queried Networking server.
Consequently, booting multiple concurrent instances resulted in metadata agent queries producing heavy load for 'neutron-server'.
This update addresses this issue by implementing a short lifetime cache for the metadata agent. Metadata agent now only queries Networking when data is not present in its cache, with the result of decreased load on Networking server during 'cloud-init' within instances. (BZ#1101494).
* With this update, Networking (neutron) packages now update the '/etc/sudoers.d/neutron' file. Consequently, any local changes have been relocated to the '/etc/sudoers.d/neutron.rpmsave' file, and will need to be merged back manually.
To avoid the need for manual updates in future, please apply local changes in a separate 'sudoers.d' file. (BZ#1115406)
* Previously, Networking would fail to reliably communicate with Qpid. This behavior was due to an incorrect message subject set in the Qpid layer used by Networking.
This update addresses this issue by setting a correct subject when sending a Qpid message. As a result, Networking now works reliably with the new Qpid server. (BZ#1108549)
All openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The openstack-neutron packages provide Openstack Networking (neutron), the virtual network service.\n\nOpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.\n\nIt was discovered that an authenticated user could add a security group rule with an invalid CIDR causing the openvswitch-agent process to fail and prevent further rules from being applied. (CVE-2014-0187)\n\nIt was discovered that an authenticated user could add an IPv6 private subnet to an L3 router causing L3-agent to break in a way that prevents further IPv4 addresses from being attached. Removal of the faulty network can only be done directly at the database level. Only Neutron setups using IPv6 and L3-agent are affected by this issue. (CVE-2014-4167)\n\nThis update also fixes several bugs and adds enhancements:\n\n* Previously, running \u0027cloud-init\u0027 resulted in each instance sending requests to the metadata agent, which in turn queried Networking server.\nConsequently, booting multiple concurrent instances resulted in metadata agent queries producing heavy load for \u0027neutron-server\u0027.\nThis update addresses this issue by implementing a short lifetime cache for the metadata agent. Metadata agent now only queries Networking when data is not present in its cache, with the result of decreased load on Networking server during \u0027cloud-init\u0027 within instances. (BZ#1101494).\n\n* With this update, Networking (neutron) packages now update the \u0027/etc/sudoers.d/neutron\u0027 file. Consequently, any local changes have been relocated to the \u0027/etc/sudoers.d/neutron.rpmsave\u0027 file, and will need to be merged back manually.\nTo avoid the need for manual updates in future, please apply local changes in a separate \u0027sudoers.d\u0027 file. (BZ#1115406)\n\n* Previously, Networking would fail to reliably communicate with Qpid. This behavior was due to an incorrect message subject set in the Qpid layer used by Networking.\nThis update addresses this issue by setting a correct subject when sending a Qpid message. As a result, Networking now works reliably with the new Qpid server. (BZ#1108549)\n\nAll openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0899",
"url": "https://access.redhat.com/errata/RHSA-2014:0899"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1090132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090132"
},
{
"category": "external",
"summary": "1108549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108549"
},
{
"category": "external",
"summary": "1110139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110139"
},
{
"category": "external",
"summary": "1115406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1115406"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0899.json"
}
],
"title": "Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T08:06:13+00:00",
"generator": {
"date": "2024-11-22T08:06:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2014:0899",
"initial_release_date": "2014-07-17T04:28:01+00:00",
"revision_history": [
{
"date": "2014-07-17T04:28:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-07-17T04:28:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T08:06:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:4::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-bigswitch@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-ryu@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-ml2@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-metering-agent@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-vpn-agent@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-brocade@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-mellanox@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-plumgrid@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-linuxbridge@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-openvswitch@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-metaplugin@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"product_id": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-neutron@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-nec@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-hyperv@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-nicira@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-midonet@2013.2.3-14.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"product": {
"name": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"product_id": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron-cisco@2013.2.3-14.el6ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"product": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"product_id": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-neutron@2013.2.3-14.el6ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-0:2013.2.3-14.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src"
},
"product_reference": "openstack-neutron-0:2013.2.3-14.el6ost.src",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-0:2013.2.3-14.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
"product_id": "6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
},
"product_reference": "python-neutron-0:2013.2.3-14.el6ost.noarch",
"relates_to_product_reference": "6Server-RHOS-4.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0187",
"discovery_date": "2014-04-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1090132"
}
],
"notes": [
{
"category": "description",
"text": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-neutron: security groups bypass through invalid CIDR",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0187"
},
{
"category": "external",
"summary": "RHBZ#1090132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0187",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0187"
}
],
"release_date": "2014-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-17T04:28:01+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0899"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-neutron: security groups bypass through invalid CIDR"
},
{
"cve": "CVE-2014-4167",
"discovery_date": "2014-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1110139"
}
],
"notes": [
{
"category": "description",
"text": "The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-neutron: L3-agent denial of service through IPv6 subnet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-4167"
},
{
"category": "external",
"summary": "RHBZ#1110139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1110139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-4167",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-4167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4167"
}
],
"release_date": "2014-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-07-17T04:28:01+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0899"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-0:2013.2.3-14.el6ost.src",
"6Server-RHOS-4.0:openstack-neutron-bigswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-brocade-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-cisco-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-hyperv-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-linuxbridge-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-mellanox-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metaplugin-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-metering-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-midonet-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ml2-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nec-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-nicira-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-openvswitch-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-plumgrid-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-ryu-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:openstack-neutron-vpn-agent-0:2013.2.3-14.el6ost.noarch",
"6Server-RHOS-4.0:python-neutron-0:2013.2.3-14.el6ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-neutron: L3-agent denial of service through IPv6 subnet"
}
]
}
cve-2014-0187
Vulnerability from fkie_nvd
Published
2014-04-28 14:09
Modified
2024-11-21 02:01
Severity ?
Summary
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openstack | neutron | 2013.1 | |
| openstack | neutron | 2013.1.1 | |
| openstack | neutron | 2013.1.2 | |
| openstack | neutron | 2013.1.3 | |
| openstack | neutron | 2013.1.4 | |
| openstack | neutron | 2013.1.5 | |
| openstack | neutron | 2013.2 | |
| openstack | neutron | 2013.2.1 | |
| openstack | neutron | 2013.2.2 | |
| openstack | neutron | 2013.2.3 | |
| openstack | neutron | 2014.1 | |
| canonical | ubuntu_linux | 13.04 | |
| canonical | ubuntu_linux | 14.04 | |
| opensuse | opensuse | 13.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:neutron:2013.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22D37364-1253-495F-A3E0-CA4CEFBF2587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:neutron:2013.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49D7F58E-536B-4E57-B02E-AB2A39AA4EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:neutron:2013.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81C24D0C-8F7B-48D3-825C-AC3ACD87F461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:neutron:2013.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0774CBBB-8DF6-468F-AFD9-0C0FE314FF10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:neutron:2013.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCC7C3A-8E5B-447B-B339-1328C6DDDF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:neutron:2013.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE37F27-FCDA-413C-8A3C-B3ED56BB7A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:neutron:2013.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5EFDBB0-BCCD-42C4-ADFB-1C92BD5E9537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:neutron:2013.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6772F036-DD92-40C4-AAAA-227BD41162FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:neutron:2013.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B90A2150-AAC4-468E-ABF6-59071E02D911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:neutron:2013.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B77F147E-3FD8-40C9-9BB0-C7F27EC1E59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:neutron:2014.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC034B0-18F8-4227-8EB3-F7109D2F8FC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied."
},
{
"lang": "es",
"value": "El proceso openvswitch-agent en OpenStack Neutron 2013.1 anterior a 2013.2.4 y 2014.1 anterior a 2014.1.1 permite a usuarios remotos autenticados evadir restricciones de seguridad de grupo a trav\u00e9s de un CIDR invalido en una regla de seguridad de grupo, lo que previene que se aplican m\u00e1s reglas."
}
],
"id": "CVE-2014-0187",
"lastModified": "2024-11-21T02:01:35.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-28T14:09:06.237",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/59533"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2014/04/22/8"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2255-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/neutron/+bug/1300785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/04/22/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2255-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/neutron/+bug/1300785"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2014-0187
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-0187",
"description": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.",
"id": "GSD-2014-0187",
"references": [
"https://www.suse.com/security/cve/CVE-2014-0187.html",
"https://access.redhat.com/errata/RHSA-2014:0899",
"https://ubuntu.com/security/CVE-2014-0187"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-0187"
],
"details": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.",
"id": "GSD-2014-0187",
"modified": "2023-12-13T01:22:43.992312Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html"
},
{
"name": "http://secunia.com/advisories/59533",
"refsource": "MISC",
"url": "http://secunia.com/advisories/59533"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/04/22/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/04/22/8"
},
{
"name": "http://www.ubuntu.com/usn/USN-2255-1",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/USN-2255-1"
},
{
"name": "https://bugs.launchpad.net/neutron/+bug/1300785",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/neutron/+bug/1300785"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2013.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2013.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2013.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2013.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2013.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2013.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2013.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2014.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2013.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2013.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2013.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0187"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/neutron/+bug/1300785",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/neutron/+bug/1300785"
},
{
"name": "[oss-security] 20140422 [OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187)",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2014/04/22/8"
},
{
"name": "59533",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/59533"
},
{
"name": "USN-2255-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-2255-1"
},
{
"name": "openSUSE-SU-2014:1051",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-30T16:27Z",
"publishedDate": "2014-04-28T14:09Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.