PT-2014-3696 · Crowbar · Barclamp

Published

2014-04-04

Updated

2014-04-04

CVE-2014-0592

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Barclamp (aka barclamp-network) version 1.7

Description The issue allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs, because netfilter is not enabled on bridges when creating new instances.

Recommendations For Barclamp (aka barclamp-network) version 1.7, enable netfilter on bridges when creating new instances to prevent bypassing security group restrictions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-0592

Affected Products

Barclamp

PT-2014-3696 · Crowbar · Barclamp

CVE-2014-0592

Weakness Enumeration

Related Identifiers

Affected Products

References · 6