Bug 559968 (CVE-2015-5240)

Summary:	<sys-cluster/neutron-2015.1.1-r1: Neutron firewall rules bypass through port update (CVE-2015-5240)
Product:	Gentoo Security	Reporter:	Matthew Thode ( prometheanfire ) <prometheanfire>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://lists.openstack.org/pipermail/openstack-announce/2015-September/000614.html
Whiteboard:	B3 [noglsa cve]
Package list:		Runtime testing required:	---

Description Matthew Thode ( prometheanfire ) archtester

2015-09-08 14:57:49 UTC

Title: Neutron firewall rules bypass through port update
Reporter: Kevin Benton (Mirantis)
Products: Neutron
Affects: versions through 2014.2.3 and 2015.1 versions through 2015.1.1

Description:
Kevin Benton from Mirantis reported a vulnerability in Neutron. By
changing the device owner of an instance's port right after it is
created, an authenticated user may prevent application of firewall rules
and so avoid IP anti-spoofing controls. All Neutron setups using the ML2
plugin or a plugin that relies on the security groups AMQP API are affected.

Reproducible: Always

Comment 1 Matthew Thode ( prometheanfire ) archtester

2015-09-08 14:58:48 UTC

arches, please stablize the following

=sys-cluster/neutron-2015.1.1-r1

Comment 2 Agostino Sarubbo gentoo-dev

2015-09-09 07:10:39 UTC

amd64 stable

Comment 3 Agostino Sarubbo gentoo-dev

2015-09-09 07:11:03 UTC

x86 stable.

Maintainer(s), please cleanup.

Comment 4 Matthew Thode ( prometheanfire ) archtester

2015-09-10 03:51:06 UTC

maintainer cleaned up

Comment 5 Yury German Gentoo Infrastructure

2015-09-24 01:23:13 UTC

Maintainer(s), Thank you for you for cleanup.

GLSA Vote: No

Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev

2015-10-07 07:59:09 UTC

GLSA Vote: No