QwikSec

Security Database

CVE

CWE

Training

CVE-2019-9735

Published: Mar 13, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://launchpad.net/bugs/1818385

x_refsource_MISC

https://security.openstack.org/ossa/OSSA-2019-001.html

x_refsource_CONFIRM

[oss-security] 20190318 [OSSA-2019-001] Unsupported dport option prevents applying security groups in OpenStack Neutron (CVE-2019-9735)

mailing-list

x_refsource_MLIST

20190319 [SECURITY] [DSA 4409-1] neutron security update

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.