OpenStack Neutron Security Restriction Bypass Vulnerability (CVE-2015-5240)
Release date:
Updated on:
Affected Systems:
OpenStack Neutron < 2014.2.4
OpenStack Neutron 2015.1-2015.1.2
Description:
CVE (CAN) ID: CVE-2015-5240
OpenStack Neutron is a project that provides networking as a service between interface devices managed by OpenStack services.
In OpenStack Neutron versions earlier than 2014.2.4 and in 2015.1-2015.1.2, when the ML2 plug-in or the security group AMQP API is used, an authenticated user can bypass the IP anti-spoofing controls by changing a port's device owner to "network:".
<* Source: Kevin Benton *>
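A defensive audit for the condition described above, as an added example (not code from OpenStack or from this advisory): it flags ports whose device owner starts with "network:" but whose device ID is a compute instance or an unknown router. The field names follow the Neutron port attributes; the two heuristics, the function name `audit_ports` and the sample records are assumptions constructed for illustration.

```python
"""Audit Neutron port records for 'network:' device owners that do not
belong to a network service (defensive check for CVE-2015-5240)."""

TRUSTED_PREFIX = "network:"  # device owner prefix named in the advisory


def audit_ports(ports, instance_ids, router_ids):
    """Return findings for ports whose 'network:' device_owner looks wrong.

    ports: dicts with id, device_owner, device_id, fixed_ips
    instance_ids / router_ids: sets of known Nova server and Neutron router IDs
    """
    findings = []
    for port in ports:
        owner = port.get("device_owner") or ""
        if not owner.startswith(TRUSTED_PREFIX):
            continue  # not the case the advisory describes
        device_id = port.get("device_id") or ""
        ips = [ip["ip_address"] for ip in port.get("fixed_ips", [])]
        # Assumed heuristics: a network-owned port should never point at a VM,
        # and a router-owned port should point at a router that exists.
        if device_id in instance_ids:
            reason = "network-owned port is attached to a compute instance"
        elif owner.startswith("network:router") and device_id not in router_ids:
            reason = "router-owned port references an unknown router"
        else:
            continue
        findings.append({"port": port["id"], "device_owner": owner,
                         "ips": ips, "reason": reason})
    return findings


# Constructed sample inventory (not real data).
SAMPLE_INSTANCES = {"vm-0001", "vm-0002"}
SAMPLE_ROUTERS = {"rtr-0001"}
SAMPLE_PORTS = [
    {"id": "port-a", "device_owner": "compute:nova", "device_id": "vm-0001",
     "fixed_ips": [{"ip_address": "10.0.0.5"}]},
    {"id": "port-b", "device_owner": "network:router_interface",
     "device_id": "rtr-0001", "fixed_ips": [{"ip_address": "10.0.0.1"}]},
    {"id": "port-c", "device_owner": "network:dhcp", "device_id": "vm-0002",
     "fixed_ips": [{"ip_address": "10.0.0.9"}]},
    {"id": "port-d", "device_owner": "network:router_interface",
     "device_id": "rtr-9999", "fixed_ips": [{"ip_address": "10.0.0.254"}]},
]

if __name__ == "__main__":
    for f in audit_ports(SAMPLE_PORTS, SAMPLE_INSTANCES, SAMPLE_ROUTERS):
        print(f"{f['port']} {f['device_owner']} {f['ips']}: {f['reason']}")
```

A flagged port is a lead for review, not proof of abuse; confirm against the port's owner and change history before acting.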
Suggestion:
Vendor patch:
OpenStack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://security.openstack.org/ossa/OSSA-2015-018.html
https://bugs.launchpad.net/neutron/+bug/1489111
https://bugzilla.redhat.com/show_bug.cgi?id=1258458