Date: Thu, 08 Jan 2015 12:53:59 -0500
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2015-001] L3 agent denial of service with radvd 2.0+ (CVE-2014-8153)

=========================================================
OSSA-2015-001: L3 agent denial of service with radvd 2.0+
=========================================================

:Date: January 08, 2015
:CVE: CVE-2014-8153


Affects
~~~~~~~
- Neutron: 2014.2 version up to 2014.2.1


Description
~~~~~~~~~~~
Ihar Hrachyshka from Red Hat reported a vulnerability in Neutron. By
creating 8 routers and assigning each of them a non-provider IPv6
subnet, a malicious user may block router update processing for all
tenants, potentially resulting in a Denial of Service. Only Neutron
setups running with radvd 2.0+ are affected.


Patches
~~~~~~~
- https://review.openstack.org/141575 (Juno)
- https://review.openstack.org/138688 (Kilo)


Credits
~~~~~~~
- Ihar Hrachyshka from Red Hat (CVE-2014-8153)


References
~~~~~~~~~~
- https://launchpad.net/bugs/1399172
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8153


Notes
~~~~~
- This fix will be included in a future 2014.2.2 release.
- The OSSA announce format for the 2015 advisories has been changed to
  RST.

--
Tristan Cacqueray
OpenStack Vulnerability Management Team

