Vulnerability Description
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Crowbar | Barclamp | 1.7 |
| Novell | Suse Cloud | 3.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00025.html (Patch, Vendor Advisory)
- http://secunia.com/advisories/57509 (Vendor Advisory)
- http://www.securityfocus.com/bid/66519
- https://bugzilla.novell.com/show_bug.cgi?id=864183
- https://github.com/crowbar/barclamp-network/pull/269
FAQ
What is CVE-2014-0592?
CVE-2014-0592 is a vulnerability with a CVSS score of 7.5 (HIGH). Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass securi...
How severe is CVE-2014-0592?
CVE-2014-0592 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-0592?
Check the references section above for vendor advisories and patch information. Affected products include: Crowbar Barclamp, Novell Suse Cloud.