UBUNTU-CVE-2017-5936

Source
https://ubuntu.com/security/CVE-2017-5936
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-5936.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-5936
Related
Published
2017-02-08T00:00:00Z
Modified
2025-01-13T10:21:20Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

References

Affected packages

Ubuntu:16.04:LTS / nova-lxd

Package

Name
nova-lxd
Purl
pkg:deb/ubuntu/nova-lxd@13.2.0-0ubuntu1.16.04.1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.2.0-0ubuntu1.16.04.1

Affected versions

0.*

0.18+git201512020918.146ccc8-0ubuntu1
0.19.0-0ubuntu1

13.*

13.0.0~b2-0ubuntu2
13.0.0~b3-0ubuntu1
13.0.0~b3-0ubuntu2
13.0.0-0ubuntu1
13.0.0-0ubuntu2
13.0.0-0ubuntu3
13.0.0-0ubuntu3.1
13.2.0-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "13.2.0-0ubuntu1.16.04.1",
            "binary_name": "nova-compute-lxd"
        },
        {
            "binary_version": "13.2.0-0ubuntu1.16.04.1",
            "binary_name": "python-nova-lxd"
        },
        {
            "binary_version": "13.2.0-0ubuntu1.16.04.1",
            "binary_name": "python-nova.lxd"
        }
    ]
}