Launchpad CVE tracker

CVE 2015-5240

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.

Related bugs and status

CVE-2015-5240 (Candidate) is related to these bugs:

Bug #1489111: [OSSA 2015-018] IP, MAC, and DHCP spoofing rules can by bypassed by changing device_owner (CVE-2015-5240)

		In	Importance	Status
1489111	[OSSA 2015-018] IP, MAC, and DHCP spoofing rules can by bypassed by changing device_owner (CVE-2015-5240)	neutron	Undecided	Fix Released
1489111	[OSSA 2015-018] IP, MAC, and DHCP spoofing rules can by bypassed by changing device_owner (CVE-2015-5240)	OpenStack Security Advisory	Undecided	Fix Released
1489111	[OSSA 2015-018] IP, MAC, and DHCP spoofing rules can by bypassed by changing device_owner (CVE-2015-5240)	neutron juno	Undecided	Fix Released

Bug #1489958: (CVE-2015-5240) Neutron firewall rules bypass through port update

		In	Importance	Status
1489958	(CVE-2015-5240) Neutron firewall rules bypass through port update	Mirantis OpenStack	High	Fix Committed
1489958	(CVE-2015-5240) Neutron firewall rules bypass through port update	Mirantis OpenStack 6.1.x	High	Fix Released
1489958	(CVE-2015-5240) Neutron firewall rules bypass through port update	Mirantis OpenStack 7.0.x	High	Fix Released
1489958	(CVE-2015-5240) Neutron firewall rules bypass through port update	Mirantis OpenStack 5.1.x	High	Fix Released
1489958	(CVE-2015-5240) Neutron firewall rules bypass through port update	Mirantis OpenStack 6.0.x	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-5240

References