CVE-2015-5240: Race Condition
First published: Mon Aug 31 2015(Updated: )
It was reported that a vulnerability was found in Neutron. By changing the device owner of an instance's port right after it is created, an authenticated user may prevent application of firewall rules and so avoid IP anti-spoofing controls. All Neutron setups using the ML2 plugin or a plugin that relies on the security groups AMQP API are affected. All Neutron setups using the ML2 plugin or a plugin that relies on the security groups AMQP API are affected. Vulnerability affects versions through 2014.2.3 and 2015.1 versions through 2015.1.1 Acknowledgements: Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Kevin Benton from Mirantis as the original reporter.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Neutron | =2014.2.3 | |
| OpenStack Neutron | =2015.1.0 | |
| OpenStack Neutron | =2015.1.1 | |
| pip/neutron | <7.0.0 | 7.0.0 |
| =2014.2.3 | ||
| =2015.1.0 | ||
| =2015.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2015/09/08/9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1261385
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1261386
- https://rhn.redhat.com/errata/RHSA-2015-1909.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1258458
- http://rhn.redhat.com/errata/RHSA-2015-1909.html
- https://bugs.launchpad.net/neutron/+bug/1489111
- https://security.openstack.org/ossa/OSSA-2015-018.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-5240
- https://access.redhat.com/errata/RHSA-2015:1909
- https://access.redhat.com/security/cve/CVE-2015-5240
- https://github.com/openstack/neutron/commit/767cea23de44a963c6793ffe30ea5c6827d27a38
- https://github.com/openstack/neutron/commit/bbca973986fdc99eae9d1b2545e8246c0b2be2e2
- https://github.com/openstack/neutron/commit/fdc3431ccd219accf6a795079d9b67b8656eed8e
- https://github.com/advisories/GHSA-hhpj-6pj7-wpx5 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2015-5240?
CVE-2015-5240 has a medium severity rating due to its potential to bypass firewall rules and IP anti-spoofing controls.
How do I fix CVE-2015-5240?
To fix CVE-2015-5240, upgrade OpenStack Neutron to version 7.0.0 or later.
Which versions of Neutron are affected by CVE-2015-5240?
CVE-2015-5240 affects OpenStack Neutron versions 2014.2.3, 2015.1.0, and 2015.1.1.
Who can exploit CVE-2015-5240?
An authenticated user can exploit CVE-2015-5240 by altering the device owner of an instance's port immediately after creation.
What are the implications of CVE-2015-5240?
The implications of CVE-2015-5240 include the potential for unauthorized bypass of network security features.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-hhpj-6pj7-wpx5
- alias/CVE-2015-5240
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- agent/description
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/openstack
- canonical/openstack neutron
- version/openstack neutron/2014.2.3
- version/openstack neutron/2015.1.0
- version/openstack neutron/2015.1.1
- package-manager/pip