CVE-2014-0592
Barclamp 1.7 - Security Group Bypass via Unfiltered Bridge Traffic
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.
References (5)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/66519
Issue Tracking (x_refsource_confirm): https://github.com/crowbar/barclamp-network/pull/269
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/57509
Issue Tracking (x_refsource_confirm): https://bugzilla.novell.com/show_bug.cgi?id=864183
Patch, Vendor Advisory (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00025.html
Scores
EPSS: 0.0036
EPSS Percentile: 58.2%
Details
CWE: CWE-264
Status: published
Products (2)
crowbar/barclamp: 1.7
novell/suse_cloud: 3.0
Published: Apr 04, 2014
Tracked Since: Feb 18, 2026