CVE-2014-4167

Related Files

Red Hat Security Advisory 2014-0899-01

Posted Jul 17, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0899-01 - The openstack-neutron packages provide Openstack Networking, the virtual network service. OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. It was discovered that an authenticated user could add a security group rule with an invalid CIDR causing the openvswitch-agent process to fail and prevent further rules from being applied.

tags | advisory

systems | linux, redhat

advisories | CVE-2014-0187, CVE-2014-4167

SHA-256 | 12984459022baf2395d5a366d6fa4c480f4128a03b2f292f6a9b26954ff26981

Download | Favorite | View

Ubuntu Security Notice USN-2255-1

Posted Jun 25, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2255-1 - Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used to escalate privileges. Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in OpenStack Neutron did not properly perform input validation when creating security group rules when specifying --remote-ip-prefix. A remote authenticated attacker could exploit this to prevent application of additional rules. Various other issues were also addressed.

tags | advisory, remote

systems | linux, ubuntu

advisories | CVE-2013-6433, CVE-2014-0187, CVE-2014-4167

SHA-256 | 5f775a27ed4d74086084452e073f1d3f9e6287cb5e6b3c509943cf3d9cd94a8a

Download | Favorite | View