OSSA-2014-025: Denial of Service in Neutron allowed address pair

OSSA-2014-025: Denial of Service in Neutron allowed address pair

Date

July 17, 2014

CVE

CVE-2014-3555

Affects

  • Neutron: up to 2013.2.3, and 2014.1 versions up to 2014.1.1

Description

Liping Mao from Cisco reported a denial of service vulnerability in Neutron’s handling of allowed address pair. By creating a large number of allowed address pairs, an authenticated user may overwhelm neutron firewall rules and render compute nodes unusable. All Neutron setups are affected.

Credits

  • Liping Mao from Cisco (CVE-2014-3555)

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.