CVE-2014-0592

Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/crowbar/barclamp-network/pull/269
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00025.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/66519
http://secunia.com/advisories/57509	Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=864183

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:crowbar:barclamp:1.7:*:*:*:*:*:*:*

cpe:2.3:a:novell:suse_cloud:3.0:*:*:*:*:*:*:*

Information

Published : 2014-04-04 07:55

Updated : 2014-04-04 09:20

NVD link : CVE-2014-0592

Mitre link : CVE-2014-0592

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

novell

suse_cloud

crowbar

barclamp

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/crowbar/barclamp-network/pull/269", "name": "https://github.com/crowbar/barclamp-network/pull/269", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00025.html", "name": "SUSE-SU-2014:0452", "tags": ["Patch", "Vendor Advisory"], "refsource": "SUSE"}, {"url": "http://www.securityfocus.com/bid/66519", "name": "66519", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/57509", "name": "57509", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://bugzilla.novell.com/show_bug.cgi?id=864183", "name": "https://bugzilla.novell.com/show_bug.cgi?id=864183", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0592", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-04-04T14:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:crowbar:barclamp:1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:novell:suse_cloud:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-04-04T16:20Z"}