Comment 52 for bug 1558658

Tristan Cacqueray (tristan-cacqueray) wrote : Re: Security Groups do not prevent MAC and/or IPv4 spoofing in DHCP requests

Here is the final impact description:

Title: Neutron anti-spoof protection bypass
Reporter: Romain Aviolat (Nagravision) and Dustin Lundquist (Blue Box Group, Inc)
Products: Neutron
Affects: <=7.0.4, >=8.0.0 <=8.1.0

Description:
Romain Aviolat from Nagravision and Dustin Lundquist from Blue Box
Group, Inc independently reported vulnerabilities in Neutron
anti-spoof protection. By forging DHCP discovery messages or non-IP
traffic, such as ARP or ICMPv6, an instance may spoof IP or MAC source
addresses on attached networks, resulting in denial of service and/or
traffic interception. Moreover, when L2population isn't used, other
tenants attached to a shared network are also vulnerable. Neutron
setups using the IPTables firewall driver are affected.