Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 18 Jun 2014 07:39:05 -0400
From: Tristan Cacqueray <>
Subject: [OSSA 2014-019] Neutron L3-agent DoS through IPv6 subnet (CVE-2014-4167)

OpenStack Security Advisory: 2014-019
CVE: CVE-2014-4167
Date: June 18, 2014
Title: Neutron L3-agent DoS through IPv6 subnet
Reporter: Thiago Martins (HP)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1

Thiago Martins from Hewlett Packard reported a vulnerability in Neutron
L3-agent. By creating an IPv6 private subnet attached to a L3 router, an
authenticated user may break the L3-agent, preventing further floating
IPv4 addresses from being attached for the entire cloud. Note: removal
of the faulty network can not be done using the API and must be cleaned
at the database level. Only Neutron setups using IPv6 and L3-agent are

Juno (development branch) fix:

Icehouse fix:

Havana fix:

This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.


Tristan Cacqueray
OpenStack Vulnerability Management Team

Download attachment "signature.asc" of type "application/pgp-signature" (539 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.