An issue exists in the iptables firewall module in OpenStack Neutron prior to 10.0.8, 11.x prior to 11.0.7, 12.x prior to 12.0.6, and 13.x prior to 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack neutron |
||
redhat openstack 10 |
||
redhat openstack 14 |
||
redhat openstack 13 |
||
debian debian linux 9.0 |