Comment 26 for bug 1558658

Tristan Cacqueray (tristan-cacqueray) wrote : Re: Security Groups do not prevent MAC and/or IPv4 spoofing in DHCP requests

Covering both bug 1558658 and bug 1502933, here is impact description draft #1.
Is this accurate enough?

Title: Neutron anti-spoof protection bypass
Reporter: Romain Aviolat (Nagravision) and Dustin Lundquist (Blue Box Group)
Products: Neutron
Affects: >=2015.1.0 <=2015.1.3, >=7.0.0 <=7.0.4, <=8.0.0

Description:
Romain Aviolat from Nagravision and Dustin Lundquist from Blue Box Group, Inc. independently reported a vulnerability in Neutron anti-spoof protection. By forging a discovery protocol source address, an instance may spoof addresses on an attached network, resulting in Denial of Service and/or traffic interception. When L2population isn't used, other tenants attached to a shared network are also vulnerable. Neutron setups using the IPTables firewall driver are affected.