CVE-2019-9735

Published: Mar 13, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)

Affected (8)

Products: Openstack: Neutron · Redhat: Openstack · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Openstack Neutron	Before 10.0.8
Openstack Neutron	From 11.0.0 to 11.0.7
Openstack Neutron	From 12.0.0 to 12.0.6
Openstack Neutron	From 13.0.0 to 13.0.3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 10
Redhat Openstack	Version 13
Redhat Openstack	Version 14

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (20)

http://www.openwall.com/lists/oss-security/2019/03/18/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/107390

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:0879

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0916

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0935

Source: cve@mitre.org

Third Party Advisory

https://launchpad.net/bugs/1818385

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://seclists.org/bugtraq/2019/Mar/24

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.openstack.org/ossa/OSSA-2019-001.html

Source: cve@mitre.org

PatchVendor Advisory

https://usn.ubuntu.com/4036-1/

Source: cve@mitre.org

https://www.debian.org/security/2019/dsa-4409

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2019/03/18/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/107390

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2019:0879

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0916

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0935

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://launchpad.net/bugs/1818385

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://seclists.org/bugtraq/2019/Mar/24

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.openstack.org/ossa/OSSA-2019-001.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://usn.ubuntu.com/4036-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2019/dsa-4409

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.