Bug 1108033 - (CVE-2018-14635) VUL-0: CVE-2018-14635: openstack-neutron: denial of service when non-privileged tenants using the Linux bridge ml2 driver
(CVE-2018-14635)
VUL-0: CVE-2018-14635: openstack-neutron: denial of service when non-privileg...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/214034/
CVSSv3:RedHat:CVE-2018-14635:6.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-09-11 14:43 UTC by Alexander Bergmann
Modified: 2020-03-24 14:01 UTC (History)
7 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-09-11 14:43:20 UTC
rh#1607822

When using the Linux bridge ml2 driver, non-privileged tenants are able to
create and attach ports without specifying an IP address, bypassing IP address
validation. A potential denial of service could occur if an IP address,
conflicting with existing guests or routers, is then assigned from outside of
the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2,
12.0.3 and 11.0.5 are vulnerable.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1607822
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14635
https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
https://bugs.launchpad.net/neutron/+bug/1757482
Comment 2 Nathan Cutler 2018-09-24 10:38:03 UTC
Reassigning to Cloud team.
Comment 5 Karol Babioch 2019-02-12 15:34:28 UTC
This was fixed upstream in the following versions:

> This issue was fixed in the openstack/neutron 12.0.4 release.
> This issue was fixed in the openstack/neutron 11.0.6 release.

However we are still tracking this issue for:

SUSE:SLE-12-SP2:Update:Products:Cloud7:Update
Comment 7 Jeremy Moffitt 2019-08-06 17:42:50 UTC
https://jira.suse.com/browse/SOC-10076 created and added to backlog
Comment 8 Stephen Ma 2019-08-27 22:51:14 UTC
Request to OBS:Cloud:OpenStack:Newton:Staging https://build.opensuse.org/request/show/726596
Comment 13 Swamp Workflow Management 2019-10-15 16:17:35 UTC
SUSE-SU-2019:2671-1: An update that solves 6 vulnerabilities and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1019074,1052286,1106515,1108033,1115960,1118159,1118900,1120657,1127558,1128954,1128987,1131053,1131961,1132860,1133719,1133722,1136784,1143475,1145796,1145867,1148383,1150895,1152916
CVE References: CVE-2016-10127,CVE-2018-15727,CVE-2018-19039,CVE-2018-558213,CVE-2019-15043,CVE-2019-5477
Sources used:
SUSE OpenStack Cloud 7 (src):    crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1, crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1, grafana-4.6.5-1.11.2, novnc-1.0.0-12.1, openstack-keystone-10.0.3~dev9-7.18.2, openstack-keystone-doc-10.0.3~dev9-7.18.2, openstack-neutron-9.4.2~dev21-7.32.1, openstack-neutron-doc-9.4.2~dev21-7.32.1, openstack-neutron-lbaas-9.2.2~dev11-4.18.3, openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3, openstack-nova-14.0.11~dev13-4.34.3, openstack-nova-doc-14.0.11~dev13-4.34.2, openstack-tempest-12.2.1~a0~dev177-4.6.3, python-pysaml2-4.0.2-3.11.3, python-urllib3-1.16-3.9.2, rubygem-chef-10.32.2-5.12.1, rubygem-easy_diff-1.0.0-3.3.1, sleshammer-0.7.0-0.18.12.3
SUSE Enterprise Storage 4 (src):    crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1, rubygem-chef-10.32.2-5.12.1, rubygem-easy_diff-1.0.0-3.3.1, sleshammer-0.7.0-0.18.12.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Keith Berger 2020-03-23 18:13:54 UTC
I think this can be resolved. Can you confirm Alex?
Comment 15 Marcus Meissner 2020-03-24 14:01:22 UTC
seems done