OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Neutron | Openstack | 2013.2 (including) | 2013.2.4 (including) |
| Neutron | Openstack | 2014.1 (including) | 2014.1.2 (excluding) |
| Neutron | Openstack | 2014.2 (including) | 2014.2.4 (including) |
| OpenStack 4 for RHEL 6 | RedHat | openstack-neutron-0:2013.2.4-5.el6ost | * |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | RedHat | openstack-neutron-0:2014.1.3-8.el6ost | * |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | RedHat | python-neutronclient-0:2.3.4-3.el6ost | * |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | RedHat | openstack-neutron-0:2014.1.3-7.el7ost | * |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | RedHat | python-neutronclient-0:2.3.4-3.el7ost | * |
| Neutron | Ubuntu | trusty | * |
| Neutron | Ubuntu | upstream | * |
References
- http://rhn.redhat.com/errata/RHSA-2014-1686.html
- http://rhn.redhat.com/errata/RHSA-2014-1785.html
- http://rhn.redhat.com/errata/RHSA-2014-1786.html
- http://secunia.com/advisories/62299
- http://www.openwall.com/lists/oss-security/2014/09/15/5
- http://www.ubuntu.com/usn/USN-2408-1
- https://bugs.launchpad.net/neutron/+bug/1357379
- http://rhn.redhat.com/errata/RHSA-2014-1686.html
- http://rhn.redhat.com/errata/RHSA-2014-1785.html
- http://rhn.redhat.com/errata/RHSA-2014-1786.html
- http://secunia.com/advisories/62299
- http://www.openwall.com/lists/oss-security/2014/09/15/5
- http://www.ubuntu.com/usn/USN-2408-1
- https://bugs.launchpad.net/neutron/+bug/1357379