Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

Our news feeds are filled with reports of malicious attacks on open source code at the project source, most of which are bad actors leveraging code bases for their own gain. While we’re taking this growing issue, more seriously than anyone else, we’re also not taking our eye off the thousands of other types of vulnerabilities that are just as important to understand. 

For instance, sometimes a well meaning code upgrade meant to improve developer experience and migration performance for one component ends up creating a problem with another and in so doing, opens up an opportunity for attack. Such is the case with September’s Nexus Intelligence Insight CVE-2019-15753, a potential DoS, information exposure vulnerability. In this edition, we’ll cover a PyPI component that by mishandling MAC address table aging, creates a vector for compromise. We’ll talk about how that mishandling could be leveraged and what developers using this code can do to mitigate their risk.

Name of Vulnerability:  CVE-2019-15753

Type of Vulnerability: DoS, Information Exposure

Component Name: OpenStack `os-vif`

Components Affected: PyPI: `os-vif`: [1.15.0, 1.17.0)


CVSS 3.0 Score: 9.1 CRITICAL

CVSS 3.0 Metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 

Vulnerability Description:

The ‘os-vif’ package is vulnerable to Improper Input Validation leading to Denial of Service (DoS), potential sensitive Information Exposure, and other security issues. The ‘add’ function in ‘’ contains a hardcoded value of ‘0’ for ‘IFLA_BR_AGEING_TIME’ which disables MAC learning ageing indefinitely. An attacker can exploit this vulnerability on certain deployments (which use the linuxbridge backend) to disrupt network performance and potentially intercept packets belonging to other hosts present on the same network.

The unintentional hard coding of the MAC address aging set to 0 for edge case migration issues when code was being deployed, created a potential vulnerability for deployments using (Read more…)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Elisa Velarde. Read the original post at: