[Openstack-security] [Bug 1244025] Re: Remote security group criteria don't work in Midonet plugin

Bryan D. Payne bdpayne at acm.org
Wed Dec 11 20:52:27 UTC 2013


I have commented on the bug.  Thanks for bringing this to OSSG's
attention.

Cheers,
-bryan


On Wed, Dec 11, 2013 at 6:59 AM, Thierry Carrez <thierry.carrez+lp at gmail.com> wrote:

> OSSG: please see backlog of the discussion on this. Do you think it
> warrants an advisory if the code is vulnerable but is not really found
> in the wild?
>
> --
> You received this bug notification because you are a member of OpenStack
> Security Group, which is subscribed to OpenStack.
> https://bugs.launchpad.net/bugs/1244025
>
> Title:
>   Remote security group criteria don't work in Midonet plugin
>
> Status in OpenStack Neutron (virtual network service):
>   New
> Status in OpenStack Security Advisories:
>   Incomplete
>
> Bug description:
>   When creating a security rule that specifies a remote security group
>   (rather than a CIDR range), the Midonet plugin does not enforce this
>   criterion. With an egress rule, for example, one of the criteria for a
>   particular rule may be that only traffic to security group A will be
>   allowed out. This criterion is ignored, and traffic will be allowed
>   out regardless of the destination security group, provided that it
>   conforms to the rule's other criteria.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/neutron/+bug/1244025/+subscriptions
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
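
The enforcement gap in the bug description, modelled as an added example (not Neutron or Midonet plugin code): one evaluator never consults `remote_group_id`, the other enforces it, and a regression check probes both with the same egress rule. Field names follow the Neutron security group rule API; the membership table, addresses and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:  # field names follow the Neutron security-group-rule API
    direction: str
    protocol: str
    port_range_min: int
    port_range_max: int
    remote_ip_prefix: Optional[str] = None
    remote_group_id: Optional[str] = None

# Constructed sample data: security group id -> IPs of member ports.
GROUP_MEMBERS = {"sg-A": {"10.0.0.5", "10.0.0.6"}, "sg-B": {"10.0.1.9"}}

def _base_match(rule, direction, protocol, port):
    return (rule.direction == direction and rule.protocol == protocol
            and rule.port_range_min <= port <= rule.port_range_max)

def _cidr_match(rule, peer_ip):
    return (rule.remote_ip_prefix is None or ipaddress.ip_address(peer_ip)
            in ipaddress.ip_network(rule.remote_ip_prefix))

def allows_ignoring_remote_group(rule, direction, protocol, port, peer_ip):
    """Behaviour described in the bug report: remote_group_id is never consulted."""
    return _base_match(rule, direction, protocol, port) and _cidr_match(rule, peer_ip)

def allows(rule, direction, protocol, port, peer_ip, members=GROUP_MEMBERS):
    """Expected behaviour: the peer must also belong to the remote group."""
    if not (_base_match(rule, direction, protocol, port) and _cidr_match(rule, peer_ip)):
        return False
    if rule.remote_group_id is not None:
        # Fail closed: an unknown or empty group matches no peer.
        return peer_ip in members.get(rule.remote_group_id, set())
    return True

def regression_cases(check):
    """Egress rule 'tcp/443 to members of sg-A only', probed with three peers."""
    rule = Rule("egress", "tcp", 443, 443, remote_group_id="sg-A")
    peers = {"member_of_A": "10.0.0.5", "member_of_B": "10.0.1.9", "outside": "203.0.113.7"}
    return {name: check(rule, "egress", "tcp", 443, ip) for name, ip in peers.items()}

if __name__ == "__main__":
    print("ignoring remote group:", regression_cases(allows_ignoring_remote_group))
    print("enforcing remote group:", regression_cases(allows))
```

A plugin test suite can use the same three-peer probe as a regression test: only the member of the named group should pass.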




