Summary: | <sys-cluster/neutron-2013.2.2-r1 : Routers can be cross plugged by other tenants (CVE-2014-0056) (OSSA 2014-008) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2014/03/27/5 | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
![]() fixed in neutron-2013.2.2-r1 removing myself from cc CVE-2014-0056 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0056): The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. |