Ubuntu Update For Neutron USN-2194-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants.

Affected

neutron on Ubuntu 13.10

Severity

Classification

CVE CVE-2014-0056
CVSS Base Score: 2.1
AV:N/AC:H/Au:S/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for libnss-db vulnerability USN-922-1
Ubuntu Update for neutron USN-2194-1
Ubuntu Update for apt USN-1662-1
Ubuntu Update for gnupg USN-2339-1
Ubuntu Update for libimobiledevice USN-1927-1

Take action and discover your vulnerabilities