CVE-2015-5240
EPSS 0.13%
OpenStack Neutron Race condition vulnerability
Published: 2022/5/17
Modified: 2026/4/28
Description
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.
Affected packages (2)
- Debian/neutron from 0, < 1:7.0.0-1
- PyPI/neutron from 0, < 7.0.0
References (13)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-5240
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2015-5240
- PATCH https://github.com/openstack/neutron
- WEB http://rhn.redhat.com/errata/RHSA-2015-1909.html
- WEB https://access.redhat.com/errata/RHSA-2015:1909
- WEB https://access.redhat.com/security/cve/CVE-2015-5240
- WEB https://bugs.launchpad.net/neutron/+bug/1489111
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1258458
- WEB https://github.com/openstack/neutron/commit/767cea23de44a963c6793ffe30ea5c6827d27a38
- WEB https://github.com/openstack/neutron/commit/bbca973986fdc99eae9d1b2545e8246c0b2be2e2
- WEB https://github.com/openstack/neutron/commit/fdc3431ccd219accf6a795079d9b67b8656eed8e
- WEB https://security.openstack.org/ossa/OSSA-2015-018.html
- WEB http://www.openwall.com/lists/oss-security/2015/09/08/9