In this reports 2 different levels of address forging are discussed:
1 - forging with another address from the same subnet
2 - forging with an address outside the assigned subnet
In case #2 even if potentially there is a bug to investigate, there is not a security vulnerability imho.
For Case #1 I need to verify the behaviour independently (or get someone to do that), since it is a minor security vulnerability on shared networks as one tenant might impersonate another tenant's VM. Please note that this would happen if the operator did not assign each tenant a distinct security group, which is quite unlikely.
I'm inclined to say that this should not be granted an OSSA, but this is pending further verification on the behaviour reported.
In this reports 2 different levels of address forging are discussed:
1 - forging with another address from the same subnet
2 - forging with an address outside the assigned subnet
In case #2 even if potentially there is a bug to investigate, there is not a security vulnerability imho.
For Case #1 I need to verify the behaviour independently (or get someone to do that), since it is a minor security vulnerability on shared networks as one tenant might impersonate another tenant's VM. Please note that this would happen if the operator did not assign each tenant a distinct security group, which is quite unlikely.
I'm inclined to say that this should not be granted an OSSA, but this is pending further verification on the behaviour reported.