CVE-2014-3555 – openstack-neutron: Denial of Service in Neutron allowed address pair
https://notcve.org/view.php?id=CVE-2014-3555
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs. OpenStack Neutron anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2 permite a usuarios remotos autenticados causar una denegación de servicio (caída o actualizaciones de normas largas de firewall) mediante la creación de un número grande de parejas de direcciones permitidas. A denial of service flaw was found in neutron's handling of allowed address pairs. As there was no enforced quota on the amount of allowed address pairs, a sufficiently authorized user could possibly create a large number of firewall rules, impacting performance or potentially rendering a compute node unusable. • http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html http://rhn.redhat.com/errata/RHSA-2014-1119.html http://rhn.redhat.com/errata/RHSA-2014-1120.html http://seclists.org/oss-sec/2014/q3/200 http://secunia.com/advisories/60766 http://secunia.com/advisories/60804 http://www.securityfocus.com/bid/68765 https://bugs.launchpad.net/neutron/+bug/1336207 https://access.redhat.com/security/cve/CVE-2014-3555 https://bugzilla.redhat.com/show_bug.cgi • CWE-264: Permissions, Privileges, and Access Controls CWE-400: Uncontrolled Resource Consumption •
CVE-2014-4167 – openstack-neutron: L3-agent denial of service through IPv6 subnet
https://notcve.org/view.php?id=CVE-2014-4167
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. El agente L3 en OpenStack Neutron anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2 permite a usuarios remotos autenticados causar una denegación de servicio (interrupción de adjunto de dirección IPv4) al adjuntar una subred IPv6 privada a un router L3. • http://seclists.org/oss-sec/2014/q2/572 http://secunia.com/advisories/59533 http://www.ubuntu.com/usn/USN-2255-1 https://bugs.launchpad.net/neutron/+bug/1309195 https://access.redhat.com/security/cve/CVE-2014-4167 https://bugzilla.redhat.com/show_bug.cgi?id=1110139 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-6433 – openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation
https://notcve.org/view.php?id=CVE-2013-6433
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file. La configuración por defecto en el paquete Red Hat Openstack-Neutron anterior a 2013.2.3-7 no establece debidamente un archivo de configuración para rootwrap, lo que permite a atacantes remotos ganar privilegios a través de un archivo de configuración manipulado. • http://rhn.redhat.com/errata/RHSA-2014-0516.html http://secunia.com/advisories/59533 http://www.ubuntu.com/usn/USN-2255-1 https://bugzilla.redhat.com/show_bug.cgi?id=1039812 https://access.redhat.com/security/cve/CVE-2013-6433 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0056 – openstack-neutron: insufficient authorization checks when creating ports
https://notcve.org/view.php?id=CVE-2014-0056
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. El agente l3 en OpenStack Neutron 2012.2 anterior a 2013.2.3 no comprueba el id inquilino cuando crea puertos, lo que permite a usuarios remotos autenticados enchufar puertos a los routers de inquilinos arbitrarios a través del id dispositivo en un comando port-create. • http://rhn.redhat.com/errata/RHSA-2014-0516.html http://www.openwall.com/lists/oss-security/2014/03/27/5 http://www.ubuntu.com/usn/USN-2194-1 https://bugs.launchpad.net/neutron/+bug/1243327 https://access.redhat.com/security/cve/CVE-2014-0056 https://bugzilla.redhat.com/show_bug.cgi?id=1063141 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVE-2014-0187 – openstack-neutron: security groups bypass through invalid CIDR
https://notcve.org/view.php?id=CVE-2014-0187
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. El proceso openvswitch-agent en OpenStack Neutron 2013.1 anterior a 2013.2.4 y 2014.1 anterior a 2014.1.1 permite a usuarios remotos autenticados evadir restricciones de seguridad de grupo a través de un CIDR invalido en una regla de seguridad de grupo, lo que previene que se aplican más reglas. • http://lists.opensuse.org/opensuse-updates/2014-08/msg00035.html http://secunia.com/advisories/59533 http://www.openwall.com/lists/oss-security/2014/04/22/8 http://www.ubuntu.com/usn/USN-2255-1 https://bugs.launchpad.net/neutron/+bug/1300785 https://access.redhat.com/security/cve/CVE-2014-0187 https://bugzilla.redhat.com/show_bug.cgi?id=1090132 • CWE-264: Permissions, Privileges, and Access Controls •