Upstream information

CVE-2014-0056 at MITRE

Description

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 2.1
Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N
Access Vector: Network
Access Complexity: High
Authentication: Single
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

SUSE Bugzilla entry: 869570 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE OpenStack Cloud 3.0
  • crowbar >= 1.7+git.1393415366.c7d7ed2-0.9.1
  • crowbar-barclamp-ceilometer >= 1.7+git.1397725532.6562e99-0.11.1
  • crowbar-barclamp-ceph >= 1.7+git.1394531703.94bc662-0.7.4
  • crowbar-barclamp-cinder >= 1.7+git.1397563537.c0e3c1f-0.7.4
  • crowbar-barclamp-crowbar >= 1.7+git.1397546986.0138729-0.7.5
  • crowbar-barclamp-database >= 1.7+git.1398437917.4d9d949-0.7.4
  • crowbar-barclamp-deployer >= 1.7+git.1395841488.9bd9b18-0.7.4
  • crowbar-barclamp-dns >= 1.7+git.1395139533.d8065e0-0.7.4
  • crowbar-barclamp-glance >= 1.7+git.1397563542.7f7adbd-0.7.4
  • crowbar-barclamp-heat >= 1.7+git.1397563528.5365573-0.7.4
  • crowbar-barclamp-ipmi >= 1.7+git.1394447661.823417e-0.7.4
  • crowbar-barclamp-keystone >= 1.7+git.1397563548.5e1f6f4-0.7.4
  • crowbar-barclamp-logging >= 1.7+git.1394447795.1352678-0.7.4
  • crowbar-barclamp-network >= 1.7+git.1397462393.b75b4a2-0.7.4
  • crowbar-barclamp-neutron >= 1.7+git.1399280715.7a6d30c-0.7.1
  • crowbar-barclamp-nfs_client >= 1.7+git.1394448673.eec60d0-0.7.4
  • crowbar-barclamp-nova >= 1.7+git.1397563532.b0a2cf3-0.7.4
  • crowbar-barclamp-nova_dashboard >= 1.7+git.1397195786.72f875c-0.7.4
  • crowbar-barclamp-ntp >= 1.7+git.1394526594.bd0925a-0.7.4
  • crowbar-barclamp-pacemaker >= 1.7+git.1399292086.c9d262e-0.7.1
  • crowbar-barclamp-provisioner >= 1.7+git.1398437839.2078a3c-0.7.1
  • crowbar-barclamp-rabbitmq >= 1.7+git.1398437927.2b9a534-0.7.4
  • crowbar-barclamp-suse-manager-client >= 1.7+git.1394449068.c91f840-0.7.4
  • crowbar-barclamp-swift >= 1.7+git.1398348658.e9aadc4-0.7.4
  • crowbar-barclamp-updater >= 1.7+git.1394449074.c15a84e-0.7.4
  • haproxy >= 1.4.24-0.9.2
  • mongodb >= 2.4.3-0.13.1
  • openstack-ceilometer >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-agent-central >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-agent-compute >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-alarm-evaluator >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-alarm-notifier >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-api >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-collector >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-doc >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-dashboard >= 2013.2.3.dev1.g54ec015-0.7.3
  • openstack-keystone >= 2013.2.4.dev2.ge7c2987-0.7.3
  • openstack-keystone-doc >= 2013.2.4.dev2.ge7c2987-0.7.3
  • openstack-neutron >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-dhcp-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-doc >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-ha-tool >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-l3-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-lbaas-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-linuxbridge-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-metadata-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-metering-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-mlnx-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-nec-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-openvswitch-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-plugin-cisco >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-ryu-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-server >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-vmware-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-vpn-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-nova >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-api >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-cells >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-cert >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-compute >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-conductor >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-console >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-consoleauth >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-doc >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-novncproxy >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-objectstore >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-scheduler >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-vncproxy >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-resource-agents >= 1.0+git.1392632006.9b9b934-0.7.2
  • openstack-suse-sudo >= 2013.2-0.11.2
  • patterns-cloud >= 20140224-0.21.2
  • python-amqp >= 1.2.0-0.9.1
  • python-ceilometer >= 2013.2.4.dev3.gd7b0634-0.9.1
  • python-heatclient >= 0.2.6-0.7.2
  • python-heatclient-doc >= 0.2.6-0.7.2
  • python-horizon >= 2013.2.3.dev1.g54ec015-0.7.3
  • python-keystone >= 2013.2.4.dev2.ge7c2987-0.7.3
  • python-neutron >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • python-neutronclient >= 2.3.4-0.7.3
  • python-nova >= 2013.2.4.dev10.g155262c-0.7.3
  • python-psycopg2 >= 2.5.2-0.7.2
  • rubygem-bson-1_9 >= 1.9.2-0.7.2
  • rubygem-mongo >= 1.9.2-0.7.2
  • susecloud-admin_en-pdf >= 3.0-0.34.1
  • susecloud-deployment_en-pdf >= 3.0-0.34.1
  • susecloud-manuals_en >= 3.0-0.34.1
  • susecloud-user_en-pdf >= 3.0-0.34.1
  • yast2-crowbar >= 2.17.35-0.7.2
Patchnames: sleclo30sp3-cloud3-ha-201405
SUSE Cloud 3
  • crowbar >= 1.7+git.1393415366.c7d7ed2-0.9.1
  • crowbar-barclamp-ceilometer >= 1.7+git.1397725532.6562e99-0.11.1
  • crowbar-barclamp-ceph >= 1.7+git.1394531703.94bc662-0.7.4
  • crowbar-barclamp-cinder >= 1.7+git.1397563537.c0e3c1f-0.7.4
  • crowbar-barclamp-crowbar >= 1.7+git.1397546986.0138729-0.7.5
  • crowbar-barclamp-database >= 1.7+git.1398437917.4d9d949-0.7.4
  • crowbar-barclamp-deployer >= 1.7+git.1395841488.9bd9b18-0.7.4
  • crowbar-barclamp-dns >= 1.7+git.1395139533.d8065e0-0.7.4
  • crowbar-barclamp-glance >= 1.7+git.1397563542.7f7adbd-0.7.4
  • crowbar-barclamp-heat >= 1.7+git.1397563528.5365573-0.7.4
  • crowbar-barclamp-ipmi >= 1.7+git.1394447661.823417e-0.7.4
  • crowbar-barclamp-keystone >= 1.7+git.1397563548.5e1f6f4-0.7.4
  • crowbar-barclamp-logging >= 1.7+git.1394447795.1352678-0.7.4
  • crowbar-barclamp-network >= 1.7+git.1397462393.b75b4a2-0.7.4
  • crowbar-barclamp-neutron >= 1.7+git.1399280715.7a6d30c-0.7.1
  • crowbar-barclamp-nfs_client >= 1.7+git.1394448673.eec60d0-0.7.4
  • crowbar-barclamp-nova >= 1.7+git.1397563532.b0a2cf3-0.7.4
  • crowbar-barclamp-nova_dashboard >= 1.7+git.1397195786.72f875c-0.7.4
  • crowbar-barclamp-ntp >= 1.7+git.1394526594.bd0925a-0.7.4
  • crowbar-barclamp-pacemaker >= 1.7+git.1399292086.c9d262e-0.7.1
  • crowbar-barclamp-provisioner >= 1.7+git.1398437839.2078a3c-0.7.1
  • crowbar-barclamp-rabbitmq >= 1.7+git.1398437927.2b9a534-0.7.4
  • crowbar-barclamp-suse-manager-client >= 1.7+git.1394449068.c91f840-0.7.4
  • crowbar-barclamp-swift >= 1.7+git.1398348658.e9aadc4-0.7.4
  • crowbar-barclamp-updater >= 1.7+git.1394449074.c15a84e-0.7.4
  • haproxy >= 1.4.24-0.9.2
  • mongodb >= 2.4.3-0.13.1
  • openstack-ceilometer >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-agent-central >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-agent-compute >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-alarm-evaluator >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-alarm-notifier >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-api >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-collector >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-ceilometer-doc >= 2013.2.4.dev3.gd7b0634-0.9.1
  • openstack-dashboard >= 2013.2.3.dev1.g54ec015-0.7.3
  • openstack-keystone >= 2013.2.4.dev2.ge7c2987-0.7.3
  • openstack-keystone-doc >= 2013.2.4.dev2.ge7c2987-0.7.3
  • openstack-neutron >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-dhcp-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-doc >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-ha-tool >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-l3-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-lbaas-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-linuxbridge-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-metadata-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-metering-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-mlnx-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-nec-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-openvswitch-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-plugin-cisco >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-ryu-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-server >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-vmware-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-neutron-vpn-agent >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • openstack-nova >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-api >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-cells >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-cert >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-compute >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-conductor >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-console >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-consoleauth >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-doc >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-novncproxy >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-objectstore >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-scheduler >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-nova-vncproxy >= 2013.2.4.dev10.g155262c-0.7.3
  • openstack-resource-agents >= 1.0+git.1392632006.9b9b934-0.7.2
  • openstack-suse-sudo >= 2013.2-0.11.2
  • patterns-cloud >= 20140224-0.21.2
  • python-amqp >= 1.2.0-0.9.1
  • python-ceilometer >= 2013.2.4.dev3.gd7b0634-0.9.1
  • python-heatclient >= 0.2.6-0.7.2
  • python-heatclient-doc >= 0.2.6-0.7.2
  • python-horizon >= 2013.2.3.dev1.g54ec015-0.7.3
  • python-keystone >= 2013.2.4.dev2.ge7c2987-0.7.3
  • python-neutron >= 2013.2.3.dev38.g1b9ceaf-0.7.3
  • python-neutronclient >= 2.3.4-0.7.3
  • python-nova >= 2013.2.4.dev10.g155262c-0.7.3
  • python-psycopg2 >= 2.5.2-0.7.2
  • rubygem-bson-1_9 >= 1.9.2-0.7.2
  • rubygem-mongo >= 1.9.2-0.7.2
  • susecloud-admin_en-pdf >= 3.0-0.34.1
  • susecloud-deployment_en-pdf >= 3.0-0.34.1
  • susecloud-manuals_en >= 3.0-0.34.1
  • susecloud-user_en-pdf >= 3.0-0.34.1
  • yast2-crowbar >= 2.17.35-0.7.2
Builds: SAT Patch Nr: 9200

Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also, information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

Product(s)       Source package      State
SUSE Cloud 2.0   openstack-quantum   Affected