CVE-2018-17204 – openvswitch: Mishandle of group mods in lib/ofp-util.c:parse_group_prop_ntr_selection_method() allows for assertion failure
https://notcve.org/view.php?id=CVE-2018-17204
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. Se ha descubierto un problema en Open vSwitch (OvS) en versiones 2.7.x hasta la 2.7.6 que afecta a parse_group_prop_ntr_selection_method en lib/ofp-util.c. • https://access.redhat.com/errata/RHSA-2018:3500 https://access.redhat.com/errata/RHSA-2019:0053 https://access.redhat.com/errata/RHSA-2019:0081 https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://usn.ubuntu.com/3873-1 https://access.redhat.com/security/cve/CVE-2018-17204 https://bugzilla.redhat.com/show_bug.cgi?id=1632522 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2018-14635 – openstack-neutron: A router interface out of subnet IP range results in a denial of service
https://notcve.org/view.php?id=CVE-2018-14635
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable. Al emplear el controlador de Linux bridge ml2, los inquilinos sin privilegios pueden crear y adjuntar puertos sin especificar una dirección IP, omitiendo la validación de direcciones IP. Podría ocurrir una denegación de servicio (DoS) si una dirección IP, en conflicto con invitados o routers existentes, se asigna desde fuera del grupo de asignación permitido. • https://access.redhat.com/errata/RHSA-2018:2710 https://access.redhat.com/errata/RHSA-2018:2715 https://access.redhat.com/errata/RHSA-2018:2721 https://access.redhat.com/errata/RHSA-2018:3792 https://bugs.launchpad.net/neutron/+bug/1757482 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635 https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d https://access.redhat.com/security/cve/CVE-2018-14635 https://bugzilla.redhat.com/show • CWE-20: Improper Input Validation •
CVE-2018-14620 – openstack-rabbitmq-container: Insecure download of rabbitmq_clusterer during docker build
https://notcve.org/view.php?id=CVE-2018-14620
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable. La imagen del contenedor de OpenStack RabbitMQ recupera de forma insegura el componente rabbitmq_clusterer por HTTP durante la fase de construcción. Esto podría permitir que un atacante sirva código malicioso al builder de imagen e instale la imagen de contenedor resultante. • https://access.redhat.com/errata/RHSA-2018:2721 https://access.redhat.com/errata/RHSA-2018:2729 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14620 https://access.redhat.com/security/cve/CVE-2018-14620 https://bugzilla.redhat.com/show_bug.cgi?id=1626953 • CWE-20: Improper Input Validation CWE-494: Download of Code Without Integrity Check •
CVE-2017-15139 – openstack-cinder: Data retained after deletion of a ScaleIO volume
https://notcve.org/view.php?id=CVE-2017-15139
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. Se ha detectado una vulnerabilidad en las versiones de openstack-cinder hasta (e incluyendo) Queens, que permite que los volúmenes nuevos creados en ciertas configuraciones de volúmenes de almacenamiento contengan datos anteriores. Específicamente, esto afecta a los volúmenes ScaleIO que emplean volúmenes finos y un relleno de cero. • https://access.redhat.com/errata/RHSA-2018:3601 https://access.redhat.com/errata/RHSA-2019:0917 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 https://wiki.openstack.org/wiki/OSSN/OSSN-0084 https://access.redhat.com/security/cve/CVE-2017-15139 https://bugzilla.redhat.com/show_bug.cgi?id=1599899 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-2627
https://notcve.org/view.php?id=CVE-2017-2627
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user. Se ha detectado un defecto en opentack-tripleo-common tal y como viene en Red Hat Openstack Enterprise 10 y 11. El archivo sudoers instalado con el paquete opentack-tripleo-common de OSP es demasiado permisivo. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2627 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •