CVE-2014-0592

Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
crowbarbarclamp
1.7
novellsuse_cloud
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00025.html
http://secunia.com/advisories/57509
http://www.securityfocus.com/bid/66519
https://bugzilla.novell.com/show_bug.cgi?id=864183
https://github.com/crowbar/barclamp-network/pull/269
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00025.html
http://secunia.com/advisories/57509
http://www.securityfocus.com/bid/66519
https://bugzilla.novell.com/show_bug.cgi?id=864183
https://github.com/crowbar/barclamp-network/pull/269