yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1708580] Re: ovsfw ignores port_ranges under some conditions

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Tristan Cacqueray <tdecacqu@xxxxxxxxxx>
Date: Mon, 06 Nov 2017 04:41:05 -0000
Reply-to: Bug 1708580 <1708580@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

IWAMOTO, I guess you could use this definition:
https://cve.mitre.org/about/terminology.html#vulnerability

Then regarding the OSSA task, we don't issue advisories for experimental
feature, and if I understand correctly, ovsfw is still
experimental/incomplete. Thus if it's not a class D, then it is at best
a class B3.

I have created an OSSN task to discuss the scope of this bug, perhaps it
could use a security note.

** Also affects: ossn
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1708580

Title:
  ovsfw ignores port_ranges under some conditions

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Incomplete
Status in OpenStack Security Notes:
  New

Bug description:
  ovsfw ignores port_ranges when protocol is not literal udp or tcp.
  sctp and numeric protocol values don't work and result in too permissive filtering.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1708580/+subscriptions

References

[Bug 1708580] [NEW] ovsfw ignores port_ranges under some conditions
From: IWAMOTO Toshihiro, 2017-08-04