CVE-2017-5936

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
References
Link Resource
https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2 Issue Tracking Patch Third Party Advisory
https://bugs.launchpad.net/nova-lxd/+bug/1656847 Issue Tracking Patch Third Party Advisory
http://www.ubuntu.com/usn/USN-3195-1 Third Party Advisory
http://www.securityfocus.com/bid/96182 Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2017/02/09/3 Mailing List Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 2 (hide)

cpe:2.3:a:openstack:nova-lxd:*:*:*:*:*:*:*:*

Information

Published : 2017-04-12 15:59

Updated : 2019-10-02 17:03


NVD link : CVE-2017-5936

Mitre link : CVE-2017-5936


JSON object : View

Advertisement

dedicated server usa

Products Affected

canonical

  • ubuntu_linux

openstack

  • nova-lxd