OpenStack Neutron Security Restriction Bypass Vulnerability (CVE-2015-5240)

OpenStack Neutron Security Restriction Bypass Vulnerability (CVE-2015-5240)
OpenStack Neutron Security Restriction Bypass Vulnerability (CVE-2015-5240)

Release date:
Updated on:

Affected Systems:

openstack Neutron < 2014.2.4
openstack Neutron 2015.1-2015.1.2

Description:

CVE (CAN) ID: CVE-2015-5240

OpenStack Neutron is a network-as-a-service project between Interface Devices managed by the Openstack service.

OpenStack Neutron versions earlier than 2014.2.4 and 2015.1-2015.1.2. When using the ML2 plug-in or the security group amqp api, authenticated users change the port device owner to "network: the IP anti-spoofing control can be bypassed.

<* Source: Kevin Benton
*>

Suggestion:

Vendor patch:

Openstack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Https://security.openstack.org/ossa/OSSA-2015-018.html
Https://bugs.launchpad.net/neutron/+bug/1489111
Https://bugzilla.redhat.com/show_bug.cgi? Id = 1258458

The following is a collection of Openstack related knowledge for you to see if you like it:

Install and deploy Openstack on Ubuntu 12.10

Ubuntu 12.04 OpenStack Swift single-node deployment Manual

OpenStack cloud computing quick start tutorial

Deploying OpenStack for enterprises: what should be done and what should not be done

CentOS 6.5 x64bit quick OpenStack Installation

This article permanently updates the link address: