Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-15753

Опубликовано: 28 авг. 2019
Источник: redhat
CVSS3: 5.2
EPSS Низкий

Описание

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.

Отчет

Red Hat OpenStack Platform 10, 13, & 14: This vulnerability has been rated as having a security impact of Moderate. The vulnerable code is not present in the python-os-vif packages provided, therefore these releases of Red Hat OpenStack Platform are unaffected.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 10 (Newton)python-os-vifNot affected
Red Hat OpenStack Platform 13 (Queens)python-os-vifNot affected
Red Hat OpenStack Platform 14 (Rocky)python-os-vifNot affected
Red Hat OpenStack Platform 15 (Stein)python-os-vifWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
Дефект:
CWE-406
https://bugzilla.redhat.com/show_bug.cgi?id=1747255python-os-vif: Hard-coded MAC aging time of 0 disables MAC learning in linuxbridge

EPSS

Процентиль: 76%
0.00965
Низкий

5.2 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-15753

CVSS3: 9.1
ubuntu
больше 6 лет назад

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.

nvd логотип

CVE-2019-15753

CVSS3: 9.1
nvd
больше 6 лет назад

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.

debian логотип

CVE-2019-15753

CVSS3: 9.1
debian
больше 6 лет назад

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC ...

github логотип

GHSA-mcpw-cp35-p3h8

CVSS3: 9.1
github
больше 3 лет назад

OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning

EPSS

Процентиль: 76%
0.00965
Низкий

5.2 Medium

CVSS3