Date: Wed, 19 Nov 2014 23:12:07 +0100 From: Tristan Cacqueray <tristan.cacqueray@...vance.com> To: oss-security@...ts.openwall.com Subject: [OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821) OpenStack Security Advisory: 2014-039 CVE: CVE-2014-7821 Date: November 19, 2014 Title: Neutron DoS through invalid DNS configuration Reporter: Henry Yamauchi, Charles Neill and Michael Xin (Rackspace) Products: Neutron Versions: up to 2014.1.3 and 2014.2 Description: Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported a vulnerability in Neutron. By configuring a maliciously crafted dns_nameservers an authenticated user may crash Neutron service resulting in a denial of service attack. All Neutron setups are affected. Kilo (development branch) fix: https://review.openstack.org/135616 Juno fix: https://review.openstack.org/135623 Icehouse fix: https://review.openstack.org/135624 Notes: This fix will be included in future 2014.1.4 and 2014.2.1 releases. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821 https://launchpad.net/bugs/1378450 -- Tristan Cacqueray OpenStack Vulnerability Management Team Download attachment "signature.asc" of type "application/pgp-signature" (539 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.