Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2014-1339.NASL
HistoryApr 24, 2024 - 12:00 a.m.

RHEL 6 : openstack-neutron (RHSA-2014:1339)

2024-04-2400:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
rhel 6
openstack-neutron
rhsa-2014:1339
cve-2014-3632
security update
vulnerability
red hat host
nessus
low
update package
cpe

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.1%

JSON

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1339 advisory.

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven     system that provisions networking services to virtual machines. Its main     function is to manage connectivity to and from virtual machines. As of Red     Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum'     as the core component of OpenStack Networking.

It was discovered that the openstack-neutron package in Red Hat Enterprise     Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6 was released     with a sudoers file containing a configuration error. This error caused     OpenStack Networking to be vulnerable to the CVE-2013-6433 issue.
(CVE-2014-3632)

This update also fixes the following bugs:

* Prior to this update, the Open vSwitch agent failed to process ports on     the integration bridge that quickly disappeared and reappeared during the     processing loop. When such a failure occurred, the processing of the port     was aborted (which is the correct behavior), but it was also marked as     processed, meaning that the next updates for the port were not applied when     it reappeared later. As a consequence, some ports were not VLAN-tagged     correctly, and that resulted in no network connectivity for those instances     that were bound to those ports. With this update, ports that are not on the     integration bridge are still not processed but also not marked as such.
Ports that disappear and then reappear later on the integration bridge are     processed correctly, and VLAN tag updates are properly applied.
(BZ#1123053)

* This update fixes an issue that caused connectivity to be dropped when     restarting the openvswitch service with l2pop enabled. (BZ#1120719)

* Due to an incorrect version of the python-httplib2 package specified in     the spec file, when a large amount of virtual machines (VMs) was launched,     some of the VMs could be assigned two private IP addresses. (BZ#1126451)

All openstack-neutron users are advised to upgrade to these updated     packages, which correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:1339. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193842);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id("CVE-2014-3632");
  script_xref(name:"RHSA", value:"2014:1339");

  script_name(english:"RHEL 6 : openstack-neutron (RHSA-2014:1339)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update for openstack-neutron.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in
the RHSA-2014:1339 advisory.

    OpenStack Networking (neutron) is a pluggable, scalable, and API-driven
    system that provisions networking services to virtual machines. Its main
    function is to manage connectivity to and from virtual machines. As of Red
    Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum'
    as the core component of OpenStack Networking.

    It was discovered that the openstack-neutron package in Red Hat Enterprise
    Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6 was released
    with a sudoers file containing a configuration error. This error caused
    OpenStack Networking to be vulnerable to the CVE-2013-6433 issue.
    (CVE-2014-3632)

    This update also fixes the following bugs:

    * Prior to this update, the Open vSwitch agent failed to process ports on
    the integration bridge that quickly disappeared and reappeared during the
    processing loop. When such a failure occurred, the processing of the port
    was aborted (which is the correct behavior), but it was also marked as
    processed, meaning that the next updates for the port were not applied when
    it reappeared later. As a consequence, some ports were not VLAN-tagged
    correctly, and that resulted in no network connectivity for those instances
    that were bound to those ports. With this update, ports that are not on the
    integration bridge are still not processed but also not marked as such.
    Ports that disappear and then reappear later on the integration bridge are
    processed correctly, and VLAN tag updates are properly applied.
    (BZ#1123053)

    * This update fixes an issue that caused connectivity to be dropped when
    restarting the openvswitch service with l2pop enabled. (BZ#1120719)

    * Due to an incorrect version of the python-httplib2 package specified in
    the spec file, when a large amount of virtual machines (VMs) was launched,
    some of the VMs could be assigned two private IP addresses. (BZ#1126451)

    All openstack-neutron users are advised to upgrade to these updated
    packages, which correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#low");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1126451");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1128194");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1140949");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2014/rhsa-2014_1339.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ab85ec5a");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:1339");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL openstack-neutron package based on the guidance in RHSA-2014:1339.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3632");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"Low");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-bigswitch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-brocade");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-cisco");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-hyperv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-linuxbridge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-mellanox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-metaplugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-metering-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-midonet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-ml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-nec");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-ofagent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-oneconvergence-nvsd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-openvswitch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-plumgrid");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-ryu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-vmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-neutron-vpn-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-neutron");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/6/6Server/x86_64/openstack/5.0/debug',
      'content/dist/rhel/server/6/6Server/x86_64/openstack/5.0/os',
      'content/dist/rhel/server/6/6Server/x86_64/openstack/5.0/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'openstack-neutron-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-bigswitch-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-brocade-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-cisco-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-hyperv-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-ibm-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-linuxbridge-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-mellanox-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-metaplugin-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-metering-agent-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-midonet-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-ml2-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-nec-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-ofagent-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-oneconvergence-nvsd-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-openvswitch-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-plumgrid-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-ryu-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-vmware-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-neutron-vpn-agent-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'python-neutron-2014.1.2-4.el6ost', 'release':'6', 'el_string':'el6ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openstack-neutron / openstack-neutron-bigswitch / etc');
}
VendorProductVersionCPE
redhatenterprise_linuxopenstack-neutron-vmwarep-cpe:/a:redhat:enterprise_linux:openstack-neutron-vmware
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linuxpython-neutronp-cpe:/a:redhat:enterprise_linux:python-neutron
redhatenterprise_linuxopenstack-neutron-openvswitchp-cpe:/a:redhat:enterprise_linux:openstack-neutron-openvswitch
redhatenterprise_linuxopenstack-neutron-ryup-cpe:/a:redhat:enterprise_linux:openstack-neutron-ryu
redhatenterprise_linuxopenstack-neutron-mellanoxp-cpe:/a:redhat:enterprise_linux:openstack-neutron-mellanox
redhatenterprise_linuxopenstack-neutron-vpn-agentp-cpe:/a:redhat:enterprise_linux:openstack-neutron-vpn-agent
redhatenterprise_linuxopenstack-neutron-necp-cpe:/a:redhat:enterprise_linux:openstack-neutron-nec
redhatenterprise_linuxopenstack-neutron-linuxbridgep-cpe:/a:redhat:enterprise_linux:openstack-neutron-linuxbridge
redhatenterprise_linuxopenstack-neutron-metering-agentp-cpe:/a:redhat:enterprise_linux:openstack-neutron-metering-agent
Rows per page:
1-10 of 221

Related

prion 2
ubuntucve 3
redhat 2
veracode 3
nvd 2
cvelist 2
cve 2
debiancve 2
openvas 1
ubuntu 1
nessus 1
securityvulns 1
prion
prion
Design/Logic Flaw
2014-10-07 14:55:00
Default configuration
2014-06-02 15:55:00
ubuntucve
ubuntucve
CVE-2014-3632
2014-10-07 00:00:00
CVE-2013-1068
2014-06-17 00:00:00
CVE-2013-6433
2014-06-02 00:00:00
redhat
redhat
(RHSA-2014:1339) Low: openstack-neutron security and bug fix update
2014-09-30 00:00:00
(RHSA-2014:0516) Moderate: openstack-neutron security, bug fix, and enhancement update
2014-05-29 00:00:00
veracode
veracode
Privilege Escalation
2019-01-15 09:02:09
Privilege Escalation
2019-01-15 09:01:48
Information Disclosure
2019-05-02 04:58:09
nvd
nvd
CVE-2014-3632
2014-10-07 14:55:04
CVE-2013-6433
2014-06-02 15:55:10
cvelist
cvelist
CVE-2014-3632
2014-10-07 14:00:00
CVE-2013-6433
2014-06-02 15:00:00
cve
cve
CVE-2014-3632
2014-10-07 14:55:04
CVE-2013-6433
2014-06-02 15:55:10
debiancve
debiancve
CVE-2014-3632
2014-10-07 14:55:04
CVE-2013-6433
2014-06-02 15:55:10
openvas
openvas
Ubuntu: Security Advisory (USN-2255-1)
2014-07-01 00:00:00
ubuntu
ubuntu
OpenStack Neutron vulnerabilities
2014-06-25 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : OpenStack Neutron vulnerabilities (USN-2255-1)
2014-06-26 00:00:00
securityvulns
securityvulns
OpenStack multiple security vulnerabilities
2014-08-24 00:00:00

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.1%

JSON
Related for REDHAT-RHSA-2014-1339.NASL
prion2ubuntucve3redhat2veracode3nvd2cvelist2cve2debiancve2openvas1ubuntu1nessus1securityvulns1