CVE-2017-5936 Information

Description

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances which allows remote attackers to bypass intended security restrictions.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

http://www.openwall.com/lists/oss-security/2017/02/09/3 http://www.securityfocus.com/bid/96182 http://www.ubuntu.com/usn/USN-3195-1 https://bugs.launchpad.net/nova-lxd/+bug/1656847 https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5