68 lines
1.7 KiB
YAML
68 lines
1.7 KiB
YAML
date: 2021-07-12
|
|
|
|
id: OSSA-2021-001
|
|
|
|
title: Anti-spoofing bypass for Open vSwitch networks
|
|
|
|
description: >
|
|
David Sinquin with Gandi.net reported a vulnerability in Neutron's default
|
|
Open vSwitch firewall rules. By sending carefully crafted packets, anyone in
|
|
control of a server instance connected to the virtual switch can impersonate
|
|
the IPv6 addresses of other systems on the network, resulting in denial of
|
|
service or in some cases possibly interception of traffic intended for other
|
|
destinations. Only deployments using the Open vSwitch driver are affected.
|
|
|
|
affected-products:
|
|
- product: Neutron
|
|
version: '<16.3.3, >=17.0.0 <17.1.3, =18.0.0'
|
|
|
|
vulnerabilities:
|
|
- cve-id: CVE-2021-20267
|
|
|
|
reporters:
|
|
- name: David Sinquin
|
|
affiliation: Gandi.net
|
|
reported:
|
|
- CVE-2021-20267
|
|
|
|
issues:
|
|
links:
|
|
- https://launchpad.net/bugs/1902917
|
|
|
|
reviews:
|
|
xena:
|
|
- https://review.opendev.org/783743
|
|
|
|
wallaby:
|
|
- https://review.opendev.org/776599
|
|
- https://review.opendev.org/791464
|
|
|
|
victoria:
|
|
- https://review.opendev.org/777783
|
|
- https://review.opendev.org/791465
|
|
|
|
ussuri:
|
|
- https://review.opendev.org/777784
|
|
- https://review.opendev.org/791467
|
|
|
|
train:
|
|
- https://review.opendev.org/777785
|
|
- https://review.opendev.org/791468
|
|
|
|
stein:
|
|
- https://review.opendev.org/777872
|
|
- https://review.opendev.org/791500
|
|
|
|
rocky:
|
|
- https://review.opendev.org/777786
|
|
- https://review.opendev.org/791469
|
|
|
|
queens:
|
|
- https://review.opendev.org/777873
|
|
- https://review.opendev.org/791470
|
|
|
|
notes:
|
|
- The stable/train, stable/stein, stable/rocky, and stable/queens branches
|
|
are under extended maintenance and will receive no new point releases, but
|
|
patches for them are provided as a courtesy.
|