CVE-2014-0071

Published: 17 April 2014

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Priority

Medium

Status

Package Release Status
neutron
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1:2014.1~b3-0ubuntu1])
Patches:
Upstream: https://review.openstack.org/#/c/72452/
Upstream: https://git.openstack.org/cgit/openstack/neutron/commit/?id=be8a06894390af032e8e0aea2108da4780678cc7

Notes

AuthorNote
mdeslaur
CVE is actually assigned to packstack, not sure if the neutron
patch is actually a vulnerability fix.
jdstrand
per upstream, only Icehouse is affected

References

Bugs