Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 18 Jun 2014 07:39:05 -0400
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-019] Neutron L3-agent DoS through IPv6 subnet (CVE-2014-4167)

OpenStack Security Advisory: 2014-019
CVE: CVE-2014-4167
Date: June 18, 2014
Title: Neutron L3-agent DoS through IPv6 subnet
Reporter: Thiago Martins (HP)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1

Description:
Thiago Martins from Hewlett Packard reported a vulnerability in Neutron
L3-agent. By creating an IPv6 private subnet attached to a L3 router, an
authenticated user may break the L3-agent, preventing further floating
IPv4 addresses from being attached for the entire cloud. Note: removal
of the faulty network can not be done using the API and must be cleaned
at the database level. Only Neutron setups using IPv6 and L3-agent are
affected.

Juno (development branch) fix:
https://review.openstack.org/88584

Icehouse fix:
https://review.openstack.org/95938

Havana fix:
https://review.openstack.org/95939

Notes:
This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4167
https://launchpad.net/bugs/1309195

--
Tristan Cacqueray
OpenStack Vulnerability Management Team


Download attachment "signature.asc" of type "application/pgp-signature" (539 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.