Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 21 Jul 2014 07:53:39 -0400
From: Tristan Cacqueray <>
Subject: [OSSA 2014-025] Denial of Service in Neutron allowed address pair

OpenStack Security Advisory: 2014-025
CVE: CVE-2014-3555
Date: July 17, 2014
Title: Denial of Service in Neutron allowed address pair
Reporter: Liping Mao (Cisco)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1

Liping Mao from Cisco reported a denial of service vulnerability in
Neutron's handling of allowed address pair. By creating a large number
of allowed address pairs, an authenticated user may overwhelm neutron
firewall rules and render compute nodes unusable. All Neutron setups are

Juno (development branch) fix:

Icehouse fix:

Havana fix:

This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.


Tristan Cacqueray
OpenStack Vulnerability Management Team

Download attachment "signature.asc" of type "application/pgp-signature" (539 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ