Comment 2 for bug 1502933
Revision history for this message
| Salvatore Orlando (salvatore-orlando) wrote Re: ICMPv6 anti-spoofing rules are too permissive | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
In this reports 2 different levels of address forging are discussed:
1 - forging with another address from the same subnet
2 - forging with an address outside the assigned subnet
In case #2 even if potentially there is a bug to investigate, there is not a security vulnerability imho.
For Case #1 I need to verify the behaviour independently (or get someone to do that), since it is a minor security vulnerability on shared networks as one tenant might impersonate another tenant's VM. Please note that this would happen if the operator did not assign each tenant a distinct security group, which is quite unlikely.
I'm inclined to say that this should not be granted an OSSA, but this is pending further verification on the behaviour reported.