Bug 869570 - (CVE-2014-0056) VUL-0: CVE-2014-0056: openstack-neutron: Routers can be cross plugged by other tenants
Status: RESOLVED FIXED
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other, OS: Other
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
Whiteboard: maint:running:56888:moderate maint:re...
Reported: 2014-03-21 06:55 UTC by Marcus Meissner
Modified: 2014-06-27 10:53 UTC

Attachments
CVE-2014-0056-stable-havana.patch (23.40 KB, patch)
2014-03-21 06:56 UTC, Marcus Meissner
Description Marcus Meissner 2014-03-21 06:55:42 UTC
via distros, embargoed CRD 2014-03-27, 1500UTC

This is an advance warning of a vulnerability discovered in OpenStack,
to give you, as downstream stakeholders, a chance to coordinate the
release of fixes and reduce the vulnerability window. Please treat the
following information as confidential until the proposed public
disclosure date.

Title: Routers can be cross plugged by other tenants
Reporter: Aaron Rosen (VMWare)
Products: Neutron
Affects: 2012.2 versions up to 2013.2.2

Description:
Aaron Rosen from VMWare reported a vulnerability where Neutron fails to
perform proper authorization checks when creating ports. By choosing a
device id of a router from a different tenant when creating a port, an
authenticated user can access the network of other tenants. This affects
deployments of Neutron using plugins relying on the l3-agent.

Proposed patch:
See attached patches. Unless a flaw is discovered in them, these patches
will be merged to stable/grizzly, stable/havana and master (Icehouse
development branch) on the public disclosure date.

CVE: CVE-2014-0056

Proposed public disclosure date/time:
2014-03-27, 1500UTC
Please do not make the issue public (or release public patches) before
this coordinated embargo date.

Regards,

-- 
Grant Murphy
OpenStack Vulnerability Management Team
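The advisory above describes the gap in one sentence: port creation trusted the caller-supplied device_id, so a tenant could name another tenant's router and the l3-agent would plug the port into it. The following is an added example, not Neutron's code or the attached patch: it models the vulnerable and the hardened create_port side by side with a small in-memory Plugin, Router, Port and Context (all simplified stand-ins whose names and fields are assumptions), and runs the cross-tenant request through both.

```python
"""Model of the port-creation authorization check that CVE-2014-0056 was
missing. Added example code, not Neutron's implementation: Context, Router,
Port and the in-memory Plugin are simplified stand-ins for the real
database plugin and L3 service, and the names are assumptions."""

import itertools
from dataclasses import dataclass

# device_owner values that mark a port as belonging to a router rather than
# to a tenant's instance (assumption: the set the real fix checks may differ).
ROUTER_DEVICE_OWNERS = {"network:router_interface", "network:router_gateway"}


class Forbidden(Exception):
    """The caller tried to attach a port to a device it does not own."""


@dataclass
class Context:
    tenant_id: str
    is_admin: bool = False


@dataclass
class Router:
    id: str
    tenant_id: str


@dataclass
class Port:
    id: str
    tenant_id: str
    network_id: str
    device_id: str = ""
    device_owner: str = ""


class Plugin:
    """In-memory stand-in for the Neutron core plugin plus its L3 router table."""

    def __init__(self, routers):
        self.routers = {r.id: r for r in routers}   # all tenants' routers
        self.ports = {}
        self._ids = itertools.count(1)

    def _store(self, ctx, network_id, device_id, device_owner):
        port = Port("port-%d" % next(self._ids), ctx.tenant_id, network_id,
                    device_id, device_owner)
        self.ports[port.id] = port
        return port

    def create_port_vulnerable(self, ctx, network_id, device_id="", device_owner=""):
        """Pre-fix behaviour: device_id and device_owner are stored as supplied.
        An l3-agent-backed deployment then plugs the port into whichever router
        device_id names, even one owned by a different tenant."""
        return self._store(ctx, network_id, device_id, device_owner)

    def _enforce_device_ownership(self, ctx, device_id, device_owner):
        if ctx.is_admin:
            return                      # service/admin contexts may wire router ports
        if device_owner in ROUTER_DEVICE_OWNERS:
            raise Forbidden("device_owner %r is reserved for the service" % device_owner)
        if not device_id:
            return                      # unattached port, nothing to cross-plug
        router = self.routers.get(device_id)
        if router is not None and router.tenant_id != ctx.tenant_id:
            raise Forbidden("router %s belongs to another tenant" % device_id)

    def create_port_fixed(self, ctx, network_id, device_id="", device_owner=""):
        """Post-fix behaviour: the ownership check runs before the port exists."""
        self._enforce_device_ownership(ctx, device_id, device_owner)
        return self._store(ctx, network_id, device_id, device_owner)


def rejected(create, ctx, network_id, **kwargs):
    """True if the given create_port variant refuses the request."""
    try:
        create(ctx, network_id, **kwargs)
    except Forbidden:
        return True
    return False


def demo():
    """Constructed scenario: tenant-b names tenant-a's router as device_id."""
    plugin = Plugin([Router("router-a", "tenant-a"), Router("router-b", "tenant-b")])
    tenant_b = Context("tenant-b")
    admin = Context("service", is_admin=True)
    return {
        "vulnerable_cross_tenant": rejected(plugin.create_port_vulnerable, tenant_b, "net-b", device_id="router-a"),
        "fixed_cross_tenant": rejected(plugin.create_port_fixed, tenant_b, "net-b", device_id="router-a"),
        "fixed_own_router": rejected(plugin.create_port_fixed, tenant_b, "net-b", device_id="router-b"),
        "fixed_reserved_owner": rejected(plugin.create_port_fixed, tenant_b, "net-b", device_owner="network:router_interface"),
        "fixed_admin": rejected(plugin.create_port_fixed, admin, "net-b", device_id="router-a", device_owner="network:router_interface"),
        "fixed_instance_device": rejected(plugin.create_port_fixed, tenant_b, "net-b", device_id="vm-1234"),
    }


if __name__ == "__main__":
    for name, was_rejected in demo().items():
        print("%-24s %s" % (name, "rejected" if was_rejected else "accepted"))
```

The two points a practitioner should take from the model: the check has to run in the API layer before the port row exists, because the l3-agent acts on whatever the database says, and the check must compare the router's owning tenant against the caller, not merely verify that the router exists. A device_id that is not a router at all (an instance id, as in the last case) is left alone, since Nova, not Neutron, owns that relationship.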
Comment 3 Marcus Meissner 2014-03-21 06:56:38 UTC
Created attachment 583094: CVE-2014-0056-stable-havana.patch
Comment 4 Swamp Workflow Management 2014-03-21 23:00:27 UTC
bugbot adjusting priority
Comment 5 Marcus Meissner 2014-03-27 16:04:45 UTC
is public.
Comment 6 Bernhard Wiedemann 2014-03-31 11:54:54 UTC
https://review.openstack.org/#/q/I8bc6241f537d937e5729072dcc76871bf407cdb3,n,z

upstream not merging EOL grizzly anymore - adding fix as patch
Comment 7 Bernhard Wiedemann 2014-04-01 11:11:27 UTC
https://build.suse.de/request/show/35296 Cloud2.0 openstack-quantum
https://build.suse.de/request/show/35297 Cloud3 python-neutronclient
https://build.suse.de/request/show/35298 Cloud3 openstack-neutron
Comment 8 Swamp Workflow Management 2014-04-03 15:30:48 UTC
The SWAMPID for this issue is 56888.
This issue was rated as moderate.
Please submit fixed packages until 2014-04-17.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 11 Swamp Workflow Management 2014-05-15 13:58:00 UTC
Update released for: crowbar, crowbar-barclamp-ceilometer, crowbar-barclamp-ceph, crowbar-barclamp-cinder, crowbar-barclamp-crowbar, crowbar-barclamp-crowbar-devel, crowbar-barclamp-database, crowbar-barclamp-deployer, crowbar-barclamp-dns, crowbar-barclamp-glance, crowbar-barclamp-heat, crowbar-barclamp-ipmi, crowbar-barclamp-keystone, crowbar-barclamp-logging, crowbar-barclamp-network, crowbar-barclamp-neutron, crowbar-barclamp-nfs_client, crowbar-barclamp-nova, crowbar-barclamp-nova_dashboard, crowbar-barclamp-ntp, crowbar-barclamp-pacemaker, crowbar-barclamp-provisioner, crowbar-barclamp-rabbitmq, crowbar-barclamp-suse-manager-client, crowbar-barclamp-swift, crowbar-barclamp-updater, crowbar-devel, haproxy, haproxy-debuginfo, haproxy-debugsource, mongodb, mongodb-devel, openstack-ceilometer, openstack-ceilometer-agent-central, openstack-ceilometer-agent-compute, openstack-ceilometer-alarm-evaluator, openstack-ceilometer-alarm-notifier, openstack-ceilometer-api, openstack-ceilometer-collector, openstack-ceilometer-doc, openstack-ceilometer-test, openstack-dashboard, openstack-dashboard-branding-upstream, openstack-dashboard-test, openstack-keystone, openstack-keystone-doc, openstack-keystone-test, openstack-neutron, openstack-neutron-dhcp-agent, openstack-neutron-doc, openstack-neutron-ha-tool, openstack-neutron-hyperv-agent, openstack-neutron-l3-agent, openstack-neutron-lbaas-agent, openstack-neutron-linuxbridge-agent, openstack-neutron-metadata-agent, openstack-neutron-metering-agent, openstack-neutron-mlnx-agent, openstack-neutron-nec-agent, openstack-neutron-openvswitch-agent, openstack-neutron-plugin-cisco, openstack-neutron-ryu-agent, openstack-neutron-server, openstack-neutron-test, openstack-neutron-vmware-agent, openstack-neutron-vpn-agent, openstack-nova, openstack-nova-api, openstack-nova-cells, openstack-nova-cert, openstack-nova-compute, openstack-nova-conductor, openstack-nova-console, openstack-nova-consoleauth, openstack-nova-doc, openstack-nova-network, openstack-nova-novncproxy, openstack-nova-objectstore, openstack-nova-scheduler, openstack-nova-test, openstack-nova-vncproxy, openstack-resource-agents, openstack-suse, openstack-suse-macros, openstack-suse-sudo, openstack-xen-plugins, patterns-cloud, python-amqp, python-ceilometer, python-heatclient, python-heatclient-doc, python-heatclient-test, python-horizon, python-horizon-branding-upstream, python-keystone, python-neutron, python-neutronclient, python-neutronclient-test, python-nova, python-psycopg2, python-psycopg2-debuginfo, python-psycopg2-debugsource, python-psycopg2-doc, rubygem-bson-1_9, rubygem-bson-1_9-doc, rubygem-mongo, rubygem-mongo-doc, rubygem-mongo-testsuite, susecloud-admin_en-pdf, susecloud-deployment_en-pdf, susecloud-manuals_en, susecloud-user_en-pdf, yast2-crowbar
Products:
SUSE-CLOUD 3.0 (x86_64)
Comment 12 Swamp Workflow Management 2014-05-15 17:07:58 UTC
SUSE-RU-2014:0656-1: An update that solves 5 vulnerabilities and has 15 fixes is now available.

Category: recommended (low)
Bug References: 840255,847189,861551,863719,865733,869078,869570,870175,870898,871199,871855,872116,872361,872700,872915,873127,874171,874611,874755,876326
CVE References: CVE-2014-0056,CVE-2014-0134,CVE-2014-0157,CVE-2014-0167,CVE-2014-2828
Sources used:
SUSE Cloud 3 (src):    crowbar-1.7+git.1393415366.c7d7ed2-0.9.1, crowbar-barclamp-ceilometer-1.7+git.1397725532.6562e99-0.11.1, crowbar-barclamp-ceph-1.7+git.1394531703.94bc662-0.7.4, crowbar-barclamp-cinder-1.7+git.1397563537.c0e3c1f-0.7.4, crowbar-barclamp-crowbar-1.7+git.1397546986.0138729-0.7.5, crowbar-barclamp-database-1.7+git.1398437917.4d9d949-0.7.4, crowbar-barclamp-deployer-1.7+git.1395841488.9bd9b18-0.7.4, crowbar-barclamp-dns-1.7+git.1395139533.d8065e0-0.7.4, crowbar-barclamp-glance-1.7+git.1397563542.7f7adbd-0.7.4, crowbar-barclamp-heat-1.7+git.1397563528.5365573-0.7.4, crowbar-barclamp-ipmi-1.7+git.1394447661.823417e-0.7.4, crowbar-barclamp-keystone-1.7+git.1397563548.5e1f6f4-0.7.4, crowbar-barclamp-logging-1.7+git.1394447795.1352678-0.7.4, crowbar-barclamp-network-1.7+git.1397462393.b75b4a2-0.7.4, crowbar-barclamp-neutron-1.7+git.1399280715.7a6d30c-0.7.1, crowbar-barclamp-nfs_client-1.7+git.1394448673.eec60d0-0.7.4, crowbar-barclamp-nova-1.7+git.1397563532.b0a2cf3-0.7.4, crowbar-barclamp-nova_dashboard-1.7+git.1397195786.72f875c-0.7.4, crowbar-barclamp-ntp-1.7+git.1394526594.bd0925a-0.7.4, crowbar-barclamp-pacemaker-1.7+git.1399292086.c9d262e-0.7.1, crowbar-barclamp-provisioner-1.7+git.1398437839.2078a3c-0.7.1, crowbar-barclamp-rabbitmq-1.7+git.1398437927.2b9a534-0.7.4, crowbar-barclamp-suse-manager-client-1.7+git.1394449068.c91f840-0.7.4, crowbar-barclamp-swift-1.7+git.1398348658.e9aadc4-0.7.4, crowbar-barclamp-updater-1.7+git.1394449074.c15a84e-0.7.4, haproxy-1.4.24-0.9.2, mongodb-2.4.3-0.13.1, openstack-ceilometer-2013.2.4.dev3.gd7b0634-0.9.1, openstack-ceilometer-doc-2013.2.4.dev3.gd7b0634-0.9.1, openstack-dashboard-2013.2.3.dev1.g54ec015-0.7.3, openstack-keystone-2013.2.4.dev2.ge7c2987-0.7.3, openstack-keystone-doc-2013.2.4.dev2.ge7c2987-0.7.3, openstack-neutron-2013.2.3.dev38.g1b9ceaf-0.7.3, openstack-neutron-doc-2013.2.3.dev38.g1b9ceaf-0.7.3, openstack-nova-2013.2.4.dev10.g155262c-0.7.3, openstack-nova-doc-2013.2.4.dev10.g155262c-0.7.3, openstack-resource-agents-1.0+git.1392632006.9b9b934-0.7.2, openstack-suse-2013.2-0.11.2, patterns-cloud-20140224-0.21.2, python-amqp-1.2.0-0.9.1, python-heatclient-0.2.6-0.7.2, python-neutronclient-2.3.4-0.7.3, python-psycopg2-2.5.2-0.7.2, rubygem-bson-1_9-1.9.2-0.7.2, rubygem-mongo-1.9.2-0.7.2, susecloud-manuals_en-3.0-0.34.1, yast2-crowbar-2.17.35-0.7.2
Comment 13 Vincent Untz 2014-06-27 10:21:25 UTC
Reassigning to security team as fix was submitted (and even released, so I guess this can be closed?).
Comment 14 Marcus Meissner 2014-06-27 10:53:54 UTC
was released, yes