fkie_nvd - fkie_cve-2014-0056

fkie_cve-2014-0056

Vulnerability from fkie_nvd

Published

2014-05-08 14:29

Modified

2024-11-21 02:01

Severity ?

Summary

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

References

▼	URL	Tags
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-0516.html
	secalert@redhat.com	http://www.openwall.com/lists/oss-security/2014/03/27/5
	secalert@redhat.com	http://www.ubuntu.com/usn/USN-2194-1
	secalert@redhat.com	https://bugs.launchpad.net/neutron/+bug/1243327
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0516.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2014/03/27/5
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2194-1
	af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/neutron/+bug/1243327

Impacted products

Vendor	Product	Version
openstack	neutron	2012.2
openstack	neutron	2012.2.1
openstack	neutron	2012.2.2
openstack	neutron	2012.2.3
openstack	neutron	2012.2.4
openstack	neutron	2013.1
openstack	neutron	2013.1.1
openstack	neutron	2013.1.2
openstack	neutron	2013.1.3
openstack	neutron	2013.1.4
openstack	neutron	2013.1.5
openstack	neutron	2013.2
openstack	neutron	2013.2.1
openstack	neutron	2013.2.2
canonical	ubuntu_linux	13.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2012.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0A288F-3646-4AE8-929B-34396D48959C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2012.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C9059C-E2E3-43F3-AF67-16F12E8E6A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2012.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "29EF5428-2B02-45D1-A169-C8B4AD08440F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2012.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2E92974-39AD-4837-A3F0-6875E100366F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2012.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC68EC6-B12C-48B5-8B42-2BA2F85EB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22D37364-1253-495F-A3E0-CA4CEFBF2587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49D7F58E-536B-4E57-B02E-AB2A39AA4EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C24D0C-8F7B-48D3-825C-AC3ACD87F461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0774CBBB-8DF6-468F-AFD9-0C0FE314FF10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CCC7C3A-8E5B-447B-B339-1328C6DDDF9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE37F27-FCDA-413C-8A3C-B3ED56BB7A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5EFDBB0-BCCD-42C4-ADFB-1C92BD5E9537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6772F036-DD92-40C4-AAAA-227BD41162FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:neutron:2013.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B90A2150-AAC4-468E-ABF6-59071E02D911",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command."
    },
    {
      "lang": "es",
      "value": "El agente l3 en OpenStack Neutron 2012.2 anterior a 2013.2.3 no comprueba el id inquilino cuando crea puertos, lo que permite a usuarios remotos autenticados enchufar puertos a los routers de inquilinos arbitrarios a trav\u00e9s del id dispositivo en un comando port-create."
    }
  ],
  "id": "CVE-2014-0056",
  "lastModified": "2024-11-21T02:01:15.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-08T14:29:12.737",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0516.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/27/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2194-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/neutron/+bug/1243327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0516.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/27/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2194-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/neutron/+bug/1243327"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2014-0056

Vulnerability from cvelistv5

Published

2014-05-08 14:00

Modified

2024-08-06 09:05