PT-2015-6812 · Openstack · Openstack Neutron

Kevin Benton

Publicado

2015-10-15

Atualizado

2026-06-04

CVE-2015-5240

CVSS v2.0

3.5

Baixa

Vetor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions OpenStack Neutron versions prior to 2014.2.4 OpenStack Neutron versions prior to 2015.1.2

Description A race condition exists when using the ML2 plugin or the security groups AMQP API, allowing remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with 'network:' before the security group rules are applied.

Recommendations For OpenStack Neutron versions prior to 2014.2.4, update to version 2014.2.4 or later to resolve the issue. For OpenStack Neutron versions prior to 2015.1.2, update to version 2015.1.2 or later to resolve the issue.

Correção

DoS

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

CVE-2015-5240

GHSA-HHPJ-6PJ7-WPX5

RHSA-2015:1909

SUSE-SU-2015:1890-1

SUSE-SU-2015:2220-1

Produtos afetados

Openstack Neutron

PT-2015-6812 · Openstack · Openstack Neutron

CVE-2015-5240

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 38