OSSA-2014-039: Neutron DoS through invalid DNS configuration

OSSA-2014-039: Neutron DoS through invalid DNS configuration


November 19, 2014




  • Neutron: up to 2014.1.3 and 2014.2


Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported a vulnerability in Neutron. By configuring a maliciously crafted dns_nameservers an authenticated user may crash Neutron service resulting in a denial of service attack. All Neutron setups are affected.


The former fix did not take into account the usage of hostnames as nameserver and caused a regression for this use-case. This update provides an additional fix for that issue.


  • Henry Yamauchi from Rackspace (CVE-2014-7821)

  • Charles Neill from Rackspace (CVE-2014-7821)

  • Michael Xin from Rackspace (CVE-2014-7821)


  • These fixes are included in the 2014.2.1 release and will be included in a future 2014.1.4 release.

OSSA History

  • 2014-12-10 - Errata 1

  • 2014-11-19 - Original Version

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.