Vulnerabilities > CVE-2016-5363 - 7PK - Security Features vulnerability in Openstack Neutron

CVSS 8.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

openstack

CWE-254

NVD

Published: 2016-06-17

Updated: 2016-11-28

Summary

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.

Vulnerable Configurations

Part	Description	Count
Application	Openstack Openstack Neutron 7.0.1 Openstack Neutron 8.0.0 Openstack Neutron 7.0.2 Openstack Neutron 7.0.3 Openstack Neutron 7.0.4 Openstack Neutron 8.1.0 Openstack Neutron 7.0.0	7

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Redhat

advisories

rhsa
id RHSA-2016:1473
rhsa
id RHSA-2016:1474

rpms

openstack-neutron-1:7.0.4-11.el7ost
openstack-neutron-bigswitch-1:7.0.4-11.el7ost
openstack-neutron-brocade-1:7.0.4-11.el7ost
openstack-neutron-cisco-1:7.0.4-11.el7ost
openstack-neutron-common-1:7.0.4-11.el7ost
openstack-neutron-dev-server-1:7.0.4-11.el7ost
openstack-neutron-embrane-1:7.0.4-11.el7ost
openstack-neutron-linuxbridge-1:7.0.4-11.el7ost
openstack-neutron-mellanox-1:7.0.4-11.el7ost
openstack-neutron-metering-agent-1:7.0.4-11.el7ost
openstack-neutron-midonet-1:7.0.4-11.el7ost
openstack-neutron-ml2-1:7.0.4-11.el7ost
openstack-neutron-nuage-1:7.0.4-11.el7ost
openstack-neutron-ofagent-1:7.0.4-11.el7ost
openstack-neutron-oneconvergence-nvsd-1:7.0.4-11.el7ost
openstack-neutron-opencontrail-1:7.0.4-11.el7ost
openstack-neutron-openvswitch-1:7.0.4-11.el7ost
openstack-neutron-ovsvapp-1:7.0.4-11.el7ost
openstack-neutron-rpc-server-1:7.0.4-11.el7ost
openstack-neutron-sriov-nic-agent-1:7.0.4-11.el7ost
python-neutron-1:7.0.4-11.el7ost
python-neutron-tests-1:7.0.4-11.el7ost
openstack-neutron-0:2015.1.4-2.el7ost
openstack-neutron-bigswitch-0:2015.1.4-2.el7ost
openstack-neutron-brocade-0:2015.1.4-2.el7ost
openstack-neutron-cisco-0:2015.1.4-2.el7ost
openstack-neutron-common-0:2015.1.4-2.el7ost
openstack-neutron-embrane-0:2015.1.4-2.el7ost
openstack-neutron-ibm-0:2015.1.4-2.el7ost
openstack-neutron-linuxbridge-0:2015.1.4-2.el7ost
openstack-neutron-mellanox-0:2015.1.4-2.el7ost
openstack-neutron-metaplugin-0:2015.1.4-2.el7ost
openstack-neutron-metering-agent-0:2015.1.4-2.el7ost
openstack-neutron-midonet-0:2015.1.4-2.el7ost
openstack-neutron-ml2-0:2015.1.4-2.el7ost
openstack-neutron-nec-0:2015.1.4-2.el7ost
openstack-neutron-nuage-0:2015.1.4-2.el7ost
openstack-neutron-ofagent-0:2015.1.4-2.el7ost
openstack-neutron-oneconvergence-nvsd-0:2015.1.4-2.el7ost
openstack-neutron-opencontrail-0:2015.1.4-2.el7ost
openstack-neutron-openvswitch-0:2015.1.4-2.el7ost
openstack-neutron-ovsvapp-0:2015.1.4-2.el7ost
openstack-neutron-plumgrid-0:2015.1.4-2.el7ost
openstack-neutron-sriov-nic-agent-0:2015.1.4-2.el7ost
openstack-neutron-vmware-0:2015.1.4-2.el7ost
python-neutron-0:2015.1.4-2.el7ost
python-neutron-tests-0:2015.1.4-2.el7ost

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Redhat

References