In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2019/08/29/2 | Mailing List Patch Third Party Advisory |
https://launchpad.net/bugs/1837252 | Issue Tracking Third Party Advisory |
https://review.opendev.org/672834 | Patch |
https://review.opendev.org/678098 | Patch |
https://security.openstack.org/ossa/OSSA-2019-004.html | Patch Vendor Advisory |
http://www.openwall.com/lists/oss-security/2019/08/29/2 | Mailing List Patch Third Party Advisory |
https://launchpad.net/bugs/1837252 | Issue Tracking Third Party Advisory |
https://review.opendev.org/672834 | Patch |
https://review.opendev.org/678098 | Patch |
https://security.openstack.org/ossa/OSSA-2019-004.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2019/08/29/2 - Mailing List, Patch, Third Party Advisory | |
References | () https://launchpad.net/bugs/1837252 - Issue Tracking, Third Party Advisory | |
References | () https://review.opendev.org/672834 - Patch | |
References | () https://review.opendev.org/678098 - Patch | |
References | () https://security.openstack.org/ossa/OSSA-2019-004.html - Patch, Vendor Advisory |
Information
Published : 2019-08-28 21:15
Updated : 2024-11-21 04:29
NVD link : CVE-2019-15753
Mitre link : CVE-2019-15753
CVE.ORG link : CVE-2019-15753
JSON object : View
Products Affected
openstack
- os-vif
CWE
CWE-770
Allocation of Resources Without Limits or Throttling