Date: Wed, 18 Jun 2014 07:39:05 -0400
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-019] Neutron L3-agent DoS through IPv6 subnet (CVE-2014-4167)

OpenStack Security Advisory: 2014-019
CVE: CVE-2014-4167
Date: June 18, 2014
Title: Neutron L3-agent DoS through IPv6 subnet
Reporter: Thiago Martins (HP)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1

Description:
Thiago Martins from Hewlett Packard reported a vulnerability in Neutron
L3-agent. By creating an IPv6 private subnet attached to a L3 router, an
authenticated user may break the L3-agent, preventing further floating
IPv4 addresses from being attached for the entire cloud. Note: removal of
the faulty network can not be done using the API and must be cleaned at
the database level. Only Neutron setups using IPv6 and L3-agent are
affected.

Juno (development branch) fix:
https://review.openstack.org/88584

Icehouse fix:
https://review.openstack.org/95938

Havana fix:
https://review.openstack.org/95939

Notes:
This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4167
https://launchpad.net/bugs/1309195

--
Tristan Cacqueray
OpenStack Vulnerability Management Team