OpenStack Neutron Security Group Bypass Vulnerability
CVE-2014-0187

Currently unrated

Key Information:

Vendor: Openstack
Status: Neutron
Vendor: CVE Published:; 28 April 2014

Summary

The OpenStack Neutron service has a vulnerability in the openvswitch-agent process that enables remote authenticated users to bypass established security group restrictions. This occurs due to the allowance of an invalid CIDR (Classless Inter-Domain Routing) in a security group rule, which in turn prevents the enforcement of further security rules. This flaw may be exploited by an attacker to gain unauthorized access to network resources, compromising the security posture of the OpenStack environment.

References

http://lists.opensuse.org/opensuse-updates/2014-08/msg000...

vendor-advisoryx_refsource_SUSE

http://www.openwall.com/lists/oss-security/2014/04/22/8

mailing-listx_refsource_MLIST

http://secunia.com/advisories/59533

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 28, 2014
Vulnerability Reserved
Dec 3, 2013