[OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187)

[Tristan Cacqueray <tristan.cacqueray () enovance com>]

OpenStack Security Advisory: 2014-014
CVE: CVE-2014-0187
Date: April 22, 2014
Title: Neutron security groups bypass through invalid CIDR
Reporters: Stephen Ma (HP) and Christoph Thiel (Deutsche Telekom)
Products: Neutron
Versions: 2013.1 to 2013.2.3, and 2014.1

Description:
Stephen Ma from Hewlett Packard and Christoph Thiel from Deutsche
Telekom reported a vulnerability in Neutron security groups. By creating
a security group rule with an invalid CIDR, an authenticated user may
break openvswitch-agent process, preventing further rules from being
applied on the host. Note: removal of the faulty rule is not enough, the
openvswitch-agent must be restarted. All Neutron setups using Open
vSwitch are affected.

Juno (development branch) fix:
https://review.openstack.org/59212

Icehouse fix:
https://review.openstack.org/88674

Havana fix:
https://review.openstack.org/88057

Notes:
This fix will be included in the juno-1 development milestone and in
future 2013.2.4 and 2014.1.1 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0187
https://launchpad.net/bugs/1300785

-- 
Tristan Cacqueray
OpenStack Vulnerability Management Team

Attachment: signature.asc
Description: OpenPGP digital signature