Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0592

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-0592
Last Modified 04 Apr 2014 12:20:45
Published 04 Apr 2014 10:55:19
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-0592

Summary

Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.

Vulnerable Systems

Application

  • Crowbar Barclamp 1.7

  • Novell Suse Cloud 3.0


References

SUSE - SUSE-SU-2014:0452

CONFIRM - https://github.com/crowbar/barclamp-network/pull/269

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=864183

BID - 66519

SECUNIA - 57509


Last Updated: 27 May 2016 11:03:22