Executive Summary
| Summary | |
|---|---|
| Title | OpenStack Neutron vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-4036-1 | First vendor Publication | 2019-06-25 |
| Vendor | Ubuntu | Last vendor Modification | 2019-06-25 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 16.04 LTS Summary: A system hardening measure could be bypassed. Software Description: - neutron: OpenStack Virtual Network Service Details: Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly handled certain security group rules in the iptables firewall module. An authenticated attacker could possibly use this issue to block further application of security group rules for other instances. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: Ubuntu 16.04 LTS: In general, a standard system update will make all the necessary changes. References: Package Information: |
Original Source
| Url : http://www.ubuntu.com/usn/USN-4036-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-755 | Improper Handling of Exceptional Conditions |
CPE : Common Platform Enumeration
Alert History
| Date | Informations |
|---|---|
| 2019-06-25 17:18:55 |
|
