CVE 2014-0187
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.
Related bugs and status
CVE-2014-0187 (Candidate) is related to these bugs:
Bug #1185019: rootwrap sudoers configuration does not follow packaging guidelines
Bug #1300785: [OSSA 2014-014] neutron allows security group rules with invalid cidrs, resulting in broken iptables rules (breaking iptables-restore) (CVE-2014-0187)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1300785 | [OSSA 2014-014] neutron allows security group rules with invalid cidrs, resulting in broken iptables rules (breaking iptables-restore) (CVE-2014-0187) | neutron | Undecided | Fix Released | ||
1300785 | [OSSA 2014-014] neutron allows security group rules with invalid cidrs, resulting in broken iptables rules (breaking iptables-restore) (CVE-2014-0187) | OpenStack Security Advisory | High | Fix Released | ||
1300785 | [OSSA 2014-014] neutron allows security group rules with invalid cidrs, resulting in broken iptables rules (breaking iptables-restore) (CVE-2014-0187) | neutron icehouse | Undecided | Fix Released | ||
1300785 | [OSSA 2014-014] neutron allows security group rules with invalid cidrs, resulting in broken iptables rules (breaking iptables-restore) (CVE-2014-0187) | neutron havana | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.