[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] [OSSA-2021-004] Neutron: Linuxbridge ARP filter bypass on Netfilter platforms (CV
From: Jeremy Stanley <fungi () yuggoth ! org>
Date: 2021-08-17 18:02:51
Message-ID: 20210817180250.qm2d6wicxwjif3jq () yuggoth ! org
[Download RAW message or body]
On 2021-08-17 19:30:21 +0200 (+0200), Jan Engelhardt wrote:
>
> On Tuesday 2021-08-17 17:17, Jeremy Stanley wrote:
> >Description
> >~~~~~~~~~~~
> >Jake Yip with ARDC and Justin Mammarella with the University of
> >Melbourne reported a vulnerability in Neutron's linuxbridge driver
> >on newer Netfilter-based platforms (the successor to IPTables).
>
> ip_tables is running atop the netfilter API, so.... it's
> not an ordered set with predecessors and successors.
Yes, thanks. It would have been more accurate to draw the comparison
between ebtables and ebtables-nft, which is where the underlying
problem arises. I was trying not to get too into the weeds with
technical detail for the general user audience, who may not be
particularly aware of the names for layer 2 filtering mechanisms,
but I agree this wording is also mildly misleading as a result.
Should I have said "Netfilter-based platforms (the successor to
legacy IPTables)" instead, to differentiate it from Netfilter-based
IPTables?
--
Jeremy Stanley
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic