CVE-2016-5363
Description
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.
| Name | CVE-2016-5363 |
| Description | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| neutron (PTS) | bullseye (security), bullseye | 2:17.2.1-0+deb11u1 | fixed |
| neutron (PTS) | bookworm | 2:21.0.0-7 | fixed |
| neutron (PTS) | trixie | 2:26.0.0-9 | fixed |
| neutron (PTS) | forky | 2:27.0.1-6 | fixed |
| neutron (PTS) | sid | 2:28.0.0-6 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| neutron | source | (unstable) | 2:8.1.2-1 | | | |
Notes
[jessie] - neutron <no-dsa> (Minor issue)
https://bugs.launchpad.net/bugs/1558658
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2:8.1.2-1 |
| sid | Fixed | 2:8.1.2-1 |
| forky | Fixed | 2:8.1.2-1 |
| bullseye | Fixed | 2:8.1.2-1 |
| bookworm | Fixed | 2:8.1.2-1 |
References
- http://www.openwall.com/lists/oss-security/2016/06/10/5
- http://www.openwall.com/lists/oss-security/2016/06/10/6
- https://access.redhat.com/errata/RHSA-2016:1473
- https://access.redhat.com/errata/RHSA-2016:1474
- https://bugs.launchpad.net/neutron/+bug/1558658
- https://review.openstack.org/#/c/299021/
- https://review.openstack.org/#/c/299023/
- https://review.openstack.org/#/c/299025/
- https://security.openstack.org/ossa/OSSA-2016-009.html
- https://www.suse.com/security/cve/CVE-2016-5363.html
- https://nvd.nist.gov/vuln/detail/CVE-2016-5363
- https://github.com/openstack/neutron/commit/5853af9cba6733725d6c9ac0db644f426713f0cf
- https://github.com/openstack/neutron/commit/6a93ee8ac1a901c255e3475a24f1afc11d8bf80f
- https://github.com/openstack/neutron/commit/997d7b03fb7f5528f0a3ce70867b9dcd9321509e
- https://github.com/openstack/neutron/commit/fd5fd259a02156babdfcb12f66cde6ec9e7274ae
- https://github.com/openstack/neutron
- https://security-tracker.debian.org/tracker/CVE-2016-5363
CWEs
CWE-254