Date: Thu, 08 Jan 2015 12:53:59 -0500
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2015-001] L3 agent denial of service with radvd 2.0+ (CVE-2014-8153)

=========================================================
OSSA-2015-001: L3 agent denial of service with radvd 2.0+
=========================================================

:Date: January 08, 2015
:CVE: CVE-2014-8153

Affects
~~~~~~~
- Neutron: 2014.2 version up to 2014.2.1

Description
~~~~~~~~~~~
Ihar Hrachyshka from Red Hat reported a vulnerability in Neutron. By
creating 8 routers and assigning each of them a non-provider ipv6
subnet, a malicious user may block router update processing for all
tenants, potentially resulting in a Denial of Service. Only Neutron
setups running with radvd 2.0+ are affected.

Patches
~~~~~~~
- https://review.openstack.org/141575 (Juno)
- https://review.openstack.org/138688 (Kilo)

Credits
~~~~~~~
- Ihar Hrachyshka from Red Hat (CVE-2014-8153)

References
~~~~~~~~~~
- https://launchpad.net/bugs/1399172
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8153

Notes
~~~~~
- This fix will be included in a future 2014.2.2 release.
- The OSSA announce format for the 2015 advisories has been changed to
  RST.

--
Tristan Cacqueray
OpenStack Vulnerability Management Team

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]