** Information type changed from Private Security to Public
** Changed in: ossa
Status: Incomplete => Won't Fix
https://bugs.launchpad.net/bugs/1380669
Title:
  precreated router ports can enable cross tenant plugging

Status in OpenStack Neutron (virtual network service):
  Fix Released
Status in neutron icehouse series:
  New
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
Previously we addressed the case where a tenant could attach a port
to another tenant's router by knowing (or guessing) an existing router
UUID [1]. The fix only prevents a tenant from attaching to existing
routers, but does not defend against speculative router port creation.

In systems where randomness is low, speculation of the result of
uuid4() can allow a tenant to predict the ids of future routers
enabling cross-tenant plugging since device_id is assumed to be
trusted and queries are not scoped by tenant.

The vulnerability was closed in Juno by the work to prevent orphaned
ports [2].

That fix for Icehouse cannot be backported since it adds new models
and requires a database migration. A separate fix will be proposed
for Icehouse and regression tests will be proposed for Juno.

[1] https://bugs.launchpad.net/neutron/+bug/1243327
[2] https://bugs.launchpad.net/neutron/+bug/1378866
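
The lookup pattern described in the report, as an added example that is not part of the original bug report and is not Neutron code: a simplified in-memory model comparing a device_id-only port lookup with a tenant-scoped one, plus an audit pass an operator could run over exported port and router records. The dict fields mirror Neutron port and router attributes; the sample records, short ids and function names are constructed for illustration.

```python
# Added illustration: simplified model, not Neutron's implementation.
ROUTER_INTF = "network:router_interface"

# Constructed sample data. tenant-b created port p2 before router r1 existed,
# setting device_id to the id the router later received.
ROUTERS = [{"id": "r1", "tenant_id": "tenant-a"}]
PORTS = [
    {"id": "p1", "tenant_id": "tenant-a", "device_id": "r1", "device_owner": ROUTER_INTF},
    {"id": "p2", "tenant_id": "tenant-b", "device_id": "r1", "device_owner": ""},
    {"id": "p3", "tenant_id": "tenant-b", "device_id": "r9", "device_owner": ROUTER_INTF},
    {"id": "p4", "tenant_id": "tenant-b", "device_id": "vm-7", "device_owner": "compute:nova"},
]


def ports_for_router_unscoped(ports, router):
    """Lookup that trusts device_id alone (the pattern the report describes)."""
    return [p["id"] for p in ports if p["device_id"] == router["id"]]


def ports_for_router_scoped(ports, router):
    """Same lookup, also requiring the port owner to match the router owner."""
    return [p["id"] for p in ports
            if p["device_id"] == router["id"]
            and p["tenant_id"] == router["tenant_id"]]


def audit_ports(ports, routers):
    """Return (cross_tenant, dangling) lists of port ids for operator review."""
    owner_of = {r["id"]: r["tenant_id"] for r in routers}
    cross_tenant, dangling = [], []
    for p in ports:
        router_owner = owner_of.get(p["device_id"])
        if router_owner is None:
            # device_id names no known router: flag only ports that claim
            # to be router interfaces, so instance ports are not reported.
            if p["device_owner"] == ROUTER_INTF:
                dangling.append(p["id"])
        elif router_owner != p["tenant_id"]:
            cross_tenant.append(p["id"])
    return cross_tenant, dangling


if __name__ == "__main__":
    print(ports_for_router_unscoped(PORTS, ROUTERS[0]))
    print(ports_for_router_scoped(PORTS, ROUTERS[0]))
    print(audit_ports(PORTS, ROUTERS))
```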