CVE-2017-5936 - OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron securi

CVE-2017-5936

Summary

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

References

Vulnerable Configurations

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:a:openstack:nova-lxd:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:nova-lxd:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	96182
confirm	https://bugs.launchpad.net/nova-lxd/+bug/1656847 https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2
mlist	[oss-security] 20170208 Re: CVE Request: Nova-LXD incorrectly applied Neutron security group rules
ubuntu	USN-3195-1

Last major update

03-10-2019 - 00:03

Published

12-04-2017 - 22:59

Last modified

03-10-2019 - 00:03