Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 19 Nov 2014 23:12:07 +0100
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821)

OpenStack Security Advisory: 2014-039
CVE: CVE-2014-7821
Date: November 19, 2014
Title: Neutron DoS through invalid DNS configuration
Reporter: Henry Yamauchi, Charles Neill and Michael Xin (Rackspace)
Products: Neutron
Versions: up to 2014.1.3 and 2014.2

Description:
Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported
a vulnerability in Neutron. By configuring a maliciously crafted
dns_nameservers an authenticated user may crash Neutron service
resulting in a denial of service attack. All Neutron setups are affected.

Kilo (development branch) fix:
https://review.openstack.org/135616

Juno fix:
https://review.openstack.org/135623

Icehouse fix:
https://review.openstack.org/135624

Notes:
This fix will be included in future 2014.1.4 and 2014.2.1 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821
https://launchpad.net/bugs/1378450

-- 
Tristan Cacqueray
OpenStack Vulnerability Management Team


Download attachment "signature.asc" of type "application/pgp-signature" (539 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.