Vulnerabilities > CVE-2019-9735 - Improper Handling of Exceptional Conditions vulnerability in multiple products
Summary
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4409.NASL description Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup. last seen 2020-06-01 modified 2020-06-02 plugin id 122957 published 2019-03-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122957 title Debian DSA-4409-1 : neutron - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4409. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(122957); script_version("1.2"); script_cvs_date("Date: 2020/02/04"); script_cve_id("CVE-2019-9735"); script_xref(name:"DSA", value:"4409"); script_name(english:"Debian DSA-4409-1 : neutron - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/neutron" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/neutron" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4409" ); script_set_attribute( attribute:"solution", value: "Upgrade the neutron packages. For the stable distribution (stretch), this problem has been fixed in version 2:9.1.1-3+deb9u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:neutron"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/13"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"neutron-common", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-dhcp-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-l3-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-linuxbridge-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-macvtap-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-metadata-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-metering-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-openvswitch-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-plugin-linuxbridge-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-plugin-nec-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-plugin-openvswitch-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-server", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"neutron-sriov-agent", reference:"2:9.1.1-3+deb9u1")) flag++; if (deb_check(release:"9.0", prefix:"python-neutron", reference:"2:9.1.1-3+deb9u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4036-1.NASL description Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly handled certain security group rules in the iptables firewall module. An authenticated attacker could possibly use this issue to block further application of security group rules for other instances. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126256 published 2019-06-26 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126256 title Ubuntu 16.04 LTS / 18.10 : neutron vulnerability (USN-4036-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4036-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(126256); script_version("1.3"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-9735"); script_xref(name:"USN", value:"4036-1"); script_name(english:"Ubuntu 16.04 LTS / 18.10 : neutron vulnerability (USN-4036-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly handled certain security group rules in the iptables firewall module. An authenticated attacker could possibly use this issue to block further application of security group rules for other instances. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4036-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected python-neutron and / or python3-neutron packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-neutron"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3-neutron"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/13"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"python-neutron", pkgver:"2:8.4.0-0ubuntu7.4")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"python-neutron", pkgver:"2:13.0.2-0ubuntu3.4")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"python3-neutron", pkgver:"2:13.0.2-0ubuntu3.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-neutron / python3-neutron"); }
Redhat
advisories |
| ||||||||||||
rpms |
|
References
- https://launchpad.net/bugs/1818385
- http://www.securityfocus.com/bid/107390
- https://www.debian.org/security/2019/dsa-4409
- https://security.openstack.org/ossa/OSSA-2019-001.html
- https://seclists.org/bugtraq/2019/Mar/24
- http://www.openwall.com/lists/oss-security/2019/03/18/2
- https://access.redhat.com/errata/RHSA-2019:0935
- https://access.redhat.com/errata/RHSA-2019:0916
- https://access.redhat.com/errata/RHSA-2019:0879
- https://usn.ubuntu.com/4036-1/