Comment 45 for bug 1461054
Revision history for this message
| Darragh O'Reilly (darragh-oreilly) wrote Re: Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent (CVE-2015-3221) | #45 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Tristan, yes, a user can have a port with an allowed address pair with ip_address ending in /0 without breaking the L2 agent, if none of the port's security groups have their remote_group_id set. If a user has a port like this, and a patch to block new /0 address pairs is applied, the user could still break the agent by changing the port's security groups.
I'm not sure about deleting them - this could affect users. Maybe we could supply a python script for operators that would search for ports with /0 and update them with 2x /1 ?