CVE-2016-5362

Опубликовано: 29 мар. 2016

Источник: redhat

CVSS3: 6.3

CVSS2: 6.5

EPSS Низкий

Описание

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.

Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	openstack-neutron	Will not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	openstack-neutron	Will not fix
Red Hat OpenStack Platform 10 (Newton)	openstack-neutron	Not affected
Red Hat OpenStack Platform 9 (Mitaka)	openstack-neutron	Affected
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	openstack-neutron	Fixed	RHSA-2016:1474	20.07.2016
Red Hat OpenStack Platform 8.0 (Liberty)	openstack-neutron	Fixed	RHSA-2016:1473	20.07.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=1345889openstack-neutron: DHCP spoofing vulnerability

EPSS

Процентиль: 91%

0.0631

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS2

Связанные уязвимости

CVE-2016-5362

CVSS3: 8.2

ubuntu

больше 9 лет назад

CVE-2016-5362

CVSS3: 8.2

nvd

больше 9 лет назад

CVE-2016-5362

CVSS3: 8.2

debian

больше 9 лет назад

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 thro ...

GHSA-qpwc-p365-pqrr

CVSS3: 8.2

github

больше 3 лет назад

OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism

EPSS

Процентиль: 91%

0.0631

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS2