Ubuntu Update For Neutron USN-2194-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants.

Affected

neutron on Ubuntu 13.10

Severity

Classification

CVE CVE-2014-0056

CVSS	Base Score: 2.1 AV:N/AC:H/Au:S/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for lightdm USN-1399-2
Ubuntu Update for linux-lts-backport-oneiric USN-1688-1
Ubuntu Update for qt4-x11 USN-1628-1
Ubuntu Update for - xdiagnose USN-1591-1
Ubuntu Update for linux USN-1996-1

Ubuntu Update for neutron USN-2194-1

Take action and discover your vulnerabilities