Candidate: CVE-2015-5240
PublicDate: 2015-10-27 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5240
 http://www.openwall.com/lists/oss-security/2015/09/08/9
Description:
 Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before
 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows
 remote authenticated users to bypass IP anti-spoofing controls by changing
 the device owner of a port to start with network: before the security group
 rules are applied.
Ubuntu-Description:
Notes:
 sbeattie> This fix will be included in future 2014.2.4 (juno) and
 sbeattie> 2015.1.2 (kilo) releases.
Bugs:
 https://launchpad.net/bugs/1489111
Priority: medium
Discovered-by: Kevin Benton
Assigned-to:
CVSS:

Patches_neutron:
 upstream: https://review.openstack.org/221345 (Juno)
 upstream: https://review.openstack.org/221344 (Kilo)
 upstream: https://review.openstack.org/221342 (Liberty)
upstream_neutron: needs-triage
precise_neutron: DNE
trusty_neutron: not-affected (code not present)
trusty/esm_neutron: DNE (trusty was not-affected [code not present])
vivid_neutron: not-affected (1:2015.1.2-0ubuntu1)
wily_neutron: not-affected (2:7.0.0-0ubuntu1)
devel_neutron: not-affected (2:7.0.0-0ubuntu1)