PT-2016-6392 · Openstack · Openstack Neutron

Dustin Lundquist

Publicado

2016-06-17

Atualizado

2022-05-17

CVE-2016-5363

CVSS v3.1

8.2

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenStack Neutron versions prior to 7.0.4 OpenStack Neutron versions 8.0.0 through 8.1.0

Description The issue allows remote attackers to bypass an intended MAC-spoofing protection mechanism, potentially causing a denial of service or allowing them to intercept network traffic. This can be achieved via a crafted DHCP discovery message or crafted non-IP traffic.

Recommendations For OpenStack Neutron versions prior to 7.0.4, update to version 7.0.4 or later. For OpenStack Neutron versions 8.0.0 through 8.1.0, update to version 8.1.0 or later. As a temporary workaround, consider restricting access to the IPTables firewall to minimize the risk of exploitation.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-254

Identificadores relacionados

CVE-2016-5363

GHSA-9PP3-CVMQ-9P22

RHSA-2016:1473

RHSA-2016:1474

SUSE-SU-2016:2143-1

Produtos afetados

Openstack Neutron

PT-2016-6392 · Openstack · Openstack Neutron

CVE-2016-5363

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 34