{"id":"UBUNTU-CVE-2019-9735","details":"An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)","modified":"2026-02-04T04:16:31.293246Z","published":"2019-03-12T00:00:00Z","related":["USN-4036-1"],"upstream":["CVE-2019-9735"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9735"},{"type":"REPORT","url":"https://seclists.org/oss-sec/2019/q1/183"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4036-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-9735"}],"affected":[{"package":{"name":"neutron","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/neutron@2:8.4.0-0ubuntu7.4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:8.4.0-0ubuntu7.4"}]}],"versions":["2:7.0.0-0ubuntu1","2:8.0.0~b1-0ubuntu2","2:8.0.0~b2-0ubuntu4","2:8.0.0~b2-0ubuntu5","2:8.0.0~b2-0ubuntu7","2:8.0.0~b3-0ubuntu1","2:8.0.0~rc1-0ubuntu1","2:8.0.0-0ubuntu1","2:8.1.0-0ubuntu0.16.04.2","2:8.1.2-0ubuntu1","2:8.2.0-0ubuntu1","2:8.3.0-0ubuntu1","2:8.3.0-0ubuntu1.1","2:8.3.0-0ubuntu1.2","2:8.4.0-0ubuntu1","2:8.4.0-0ubuntu2","2:8.4.0-0ubuntu3","2:8.4.0-0ubuntu4","2:8.4.0-0ubuntu5","2:8.4.0-0ubuntu6","2:8.4.0-0ubuntu7.1","2:8.4.0-0ubuntu7.2","2:8.4.0-0ubuntu7.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-bgp-dragent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-common"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-dhcp-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-l3-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-linuxbridge-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-macvtap-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-metadata-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-metering-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-openvswitch-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-plugin-linuxbridge-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-plugin-ml2"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-plugin-openvswitch-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-plugin-sriov-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-server"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"neutron-sriov-agent"},{"binary_version":"2:8.4.0-0ubuntu7.4","binary_name":"python-neutron"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9735.json"}},{"package":{"name":"neutron","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/neutron@2:12.0.6-0ubuntu1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:12.0.6-0ubuntu1"}]}],"versions":["2:11.0.1-0ubuntu1","2:12.0.0~b1-0ubuntu1","2:12.0.0~b1-0ubuntu2","2:12.0.0~b2-0ubuntu1","2:12.0.0~b3-0ubuntu1","2:12.0.0~rc1-0ubuntu1","2:12.0.0~rc2-0ubuntu1","2:12.0.0-0ubuntu1","2:12.0.0-0ubuntu1.1","2:12.0.0-0ubuntu1.2","2:12.0.0-0ubuntu1.3","2:12.0.0-0ubuntu1.4","2:12.0.0-0ubuntu2","2:12.0.0-0ubuntu3","2:12.0.1-0ubuntu1","2:12.0.1-0ubuntu1.1","2:12.0.2-0ubuntu1","2:12.0.3-0ubuntu1","2:12.0.5-0ubuntu1","2:12.0.5-0ubuntu4","2:12.0.5-0ubuntu5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-common"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-dhcp-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-l3-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-linuxbridge-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-macvtap-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-metadata-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-metering-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-openvswitch-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-plugin-linuxbridge-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-plugin-ml2"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-plugin-openvswitch-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-plugin-sriov-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-server"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"neutron-sriov-agent"},{"binary_version":"2:12.0.6-0ubuntu1","binary_name":"python-neutron"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9735.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}