Red Hat Security Advisory 2014-0516-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A flaw was found in the way OpenStack Networking performed authorization checks on created ports. An authenticated user could potentially use this flaw to create ports on a router belonging to a different tenant, allowing unauthorized access to the network of other tenants. Note that only OpenStack Networking setups using plug-ins that rely on the l3-agent were affected.
c0588230b69d9979c0b5ff1a318a4d0d3c47c4b2e44dde5b16954df8d2d433c8Ubuntu Security Notice 2194-1 - Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants.
db5e15c4fce786cdd65d813b2d0c7d765845ba472cff8e284d5eacecfdc9624a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed