Comment 7 for bug 1489111

Tristan Cacqueray (tristan-cacqueray) wrote : Re: IP, MAC, and DHCP spoofing rules can be bypassed by changing device_owner

Assuming this affects all L2 agents and all supported releases, here is the impact description:

Title: Neutron firewall rules bypass through port update
Reporter: Kevin Benton (Mirantis)
Products: Neutron
Affects: versions through 2014.2.3 and 2015.1 versions through 2015.1.1

Description:
Kevin Benton from Mirantis reported a vulnerability in Neutron. By changing the port's device owner of an instance right after it is created, an authenticated user may prevent firewall rules from being applied, potentially resulting in anti-spoofing rules being disabled. All Neutron setups are affected.