CVE-2019-9735

Published: 13/03/2019 | Updated: 04/08/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

An issue exists in the iptables firewall module in OpenStack Neutron prior to 10.0.8, 11.x prior to 11.0.7, 12.x prior to 12.0.6, and 13.x prior to 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)

Vulnerable Product

openstack neutron

redhat openstack 10

redhat openstack 14

redhat openstack 13

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #924508 neutron: CVE-2019-9735: it's possible to add a security group rule for VRRP with a dport | Package: src:neutron; Maintainer for src:neutron is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> | Date: Wed, 13 Mar 2019 19:21:01 UTC ...
A system hardening measure could be bypassed ...
Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup. For the stable distribution (stretch), this problem has been fixed in version 2:9.1.1-3+deb9u1. We recommend that you upg ...
Synopsis: Important: Red Hat Enterprise Linux OpenStack Platform security update | Type/Severity: Security Advisory: Important | Topic: An update for openstack-neutron, openstack-neutron-lbaas, and python-networking-bigswitch is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security ha ...
Synopsis: Important: openstack-neutron security and bug fix update | Type/Severity: Security Advisory: Important | Topic: An update for openstack-neutron is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common V ...
Synopsis: Important: openstack-neutron security update | Type/Severity: Security Advisory: Important | Topic: An update for openstack-neutron is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Impact: Low | Public Date: 2019-03-03 | CWE: CWE-20 | Bugzilla: 1690745: CVE-2019-9735 openstack-neutron: inc ...