Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-9599

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.

Related bugs and status

CVE-2016-9599 (Candidate) is related to these bugs:

Bug #1651831: [CVE-2016-9599] undercloud firewall opening all ports with ssl enabled

Summary				In	Importance	Status
	1651831	[CVE-2016-9599] undercloud firewall opening all ports with ssl enabled		tripleo	Critical	Fix Released
	1651831	[CVE-2016-9599] undercloud firewall opening all ports with ssl enabled		tripleo newton	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2017:0025