Detections
Analytics

RHEL 6 : openstack-neutron (RHSA-2014:0091)

medium Nessus Plugin ID 210217

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0091 advisory.

 The openstack-neutron packages provide Openstack Networking (neutron), the virtual network service.

 It was discovered that the metadata agent in OpenStack Networking was missing an authorization check on the device ID that is bound to a specific port. A remote tenant could guess the instance ID bound to a port and retrieve metadata of another tenant, resulting in information disclosure.
 Note that only OpenStack Networking setups running neutron-metadata-agent were affected. (CVE-2013-6419)

 Red Hat would like to thank Jeremy Stanley of the OpenStack Project for reporting this issue. Upstream acknowledges Aaron Rosen of VMware as the original reporter.

 The openstack-neutron packages have been upgraded to upstream version 2013.2.1, which provides a number of bug fixes and enhancements over the previous version. The most notable fixes and enhancements are:

 - Support for multiple workers in the Neutron API. This can be achieved by setting the 'workers=' parameter in the neutron.conf file.

 - The downtime and report interval default settings are tuned for neutron agents.

 - The floating IP address stability has been enhanced.

 - A heartbeat-related deadlock problem in neutron-server has been fixed.

 (BZ#1045419)

 This update also fixes the following bugs:

 * An incorrect warning was displayed when running neutron-dhcp-agent with Red Hat Enterprise Linux's version of dnsmasq. This meant that users were incorrectly warned that Red Hat Enterprise Linux's dnsmasq version will not work with neutron-dhcp-agent. This warning has been removed, and will no longer be logged to the neutron-dhcp-agent log file. (BZ#1040196)

 * A bug in the QPID topic consumer re-connection logic (under the v2 topology) caused qpidd to use a malformed subscriber address after restarting, resulting in RPC requests sent to a topic with multiple servers ending up being incorrectly multicast to all servers. This update removes the special-case reconnect logic that handles UUID addresses, which in turn avoids the incorrect establishment of multiple subscription to the same fanout address. The QPID broker now simply automatically generates unique queue names when clients reconnect. (BZ#1045067)

 * Thread-consuming QPID messages were killed silently by unhandled errors, thus resulting in isolating the component from the rest of the system.
 With this update, consuming threads are made more resilient to errors by ensuring they do not die on an unhandled error. The error is now logged, and the consuming thread is retried. (BZ#1054249)

 In addition, this update adds the following enhancement:

 * Previously, instances connected to tenant networks gained outside connectivity by going through an SNAT by the L3 agent hosting that network's virtual router. With this release, the ability to disable SNAT/PAT on virtual servers is added ensuring that an instance in a tenant network subnet will retain its IP address as it passes through external networks. For example, if 10.0.0.1 is an instance in the 10.0.0.0/8 tenant network, R1, a virtual router that connects the 10.0.0.0/8 subnet to the 20.0.0.0/8 public provider networks, then you can use the 'neutron router-gateway-set --disable-snat R1 public' command and any traffic from 10.0.0.1, which is forwarded out to the provider network, will retain its actual source IP address of 10.0.0.1. This can be a flexible and useful method to connect instances directly to a provider network, while retaining it in a tenant network. (BZ#1046070)

 All openstack-neutron users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1038737

https://bugzilla.redhat.com/show_bug.cgi?id=1039148

https://bugzilla.redhat.com/show_bug.cgi?id=1039528

https://bugzilla.redhat.com/show_bug.cgi?id=1040196

https://bugzilla.redhat.com/show_bug.cgi?id=1045067

https://bugzilla.redhat.com/show_bug.cgi?id=1046070

https://bugzilla.redhat.com/show_bug.cgi?id=1046087

https://bugzilla.redhat.com/show_bug.cgi?id=1054249

http://www.nessus.org/u?9870365c

https://access.redhat.com/errata/RHSA-2014:0091

Plugin Details

Severity: Medium

ID: 210217

File Name: redhat-RHSA-2014-0091.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/4/2024

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2013-6419

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:python-neutron, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-openvswitch, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-ryu, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-mellanox, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-vpn-agent, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-nec, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-linuxbridge, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-metering-agent, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-midonet, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-cisco, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-ml2, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-plumgrid, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-metaplugin, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-hyperv, p-cpe:/a:redhat:enterprise_linux:openstack-neutron, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-nicira, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-brocade, p-cpe:/a:redhat:enterprise_linux:openstack-neutron-bigswitch

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 1/22/2014

Vulnerability Publication Date: 12/11/2013

Reference Information

CVE: CVE-2013-6419

RHSA: 2014:0091