CVE-2014-0056

Priority
Medium
Description
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the
tenant id when creating ports, which allows remote authenticated users to
plug ports into the routers of arbitrary tenants via the device id in a
port-create command.
References
Bugs
Notes
jdstrand> fixed in 1:2013.2.3-0ubuntu1. Needs a rebuild for saucy-security
Assigned-to
jdstrand
Package
Upstream:released (2013.2.3)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):released (1:2013.2.3-0ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1:2014.1~b3-0ubuntu1)
Ubuntu 14.10 (Utopic Unicorn):not-affected (1:2014.1~b3-0ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-05-16 03:14:41 UTC (commit 8064)