OSSA-2014-039: Neutron DoS through invalid DNS configuration

Date: November 19, 2014
CVE: CVE-2014-7821

Affects

  • Neutron: up to 2014.1.3 and 2014.2

Description

Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported a vulnerability in Neutron. By configuring a maliciously crafted dns_nameservers value, an authenticated user may crash the Neutron service, resulting in a denial of service. All Neutron setups are affected.

Errata

The former fix did not take into account the use of hostnames as nameservers and caused a regression for this use case. This update provides an additional fix for that issue.
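The advisory does not publish the crashing input, so the following added example (not Neutron's code and not the actual patch) only illustrates the requirement the errata points to: validation of dns_nameservers entries has to accept both IP addresses and hostnames, and should reject anything else by returning an error instead of raising. The function names and the limit of five entries are assumptions made for this example.

```python
import ipaddress
import re

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
MAX_NAMESERVERS = 5  # assumed per-subnet limit for this example


def check_nameserver(value):
    """Return None if value is an acceptable nameserver, else an error string."""
    if not isinstance(value, str):
        return "nameserver must be a string, got %s" % type(value).__name__
    if not value or value != value.strip():
        return "nameserver is empty or has surrounding whitespace"
    try:
        ipaddress.ip_address(value)  # IPv4 or IPv6 literal
        return None
    except ValueError:
        pass  # not an IP literal: fall through and treat it as a hostname
    name = value[:-1] if value.endswith(".") else value  # allow a trailing dot
    if len(name) > 253:
        return "hostname longer than 253 characters"
    labels = name.split(".")
    if not all(_LABEL.fullmatch(label) for label in labels):
        return "hostname contains an invalid label: %r" % value
    if labels[-1].isdigit():
        # e.g. "1.2.3.999": a malformed IPv4 address, not a hostname
        return "looks like a malformed IP address: %r" % value
    return None


def check_nameservers(values):
    """Validate a whole dns_nameservers list; return a list of error strings."""
    if not isinstance(values, (list, tuple)):
        return ["dns_nameservers must be a list"]
    errors = []
    if len(values) > MAX_NAMESERVERS:
        errors.append("more than %d nameservers" % MAX_NAMESERVERS)
    seen = set()
    for value in values:
        err = check_nameserver(value)
        if err:
            errors.append(err)
        elif value.lower() in seen:
            errors.append("duplicate nameserver: %r" % value)
        else:
            seen.add(value.lower())
    return errors
```
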

Credits

  • Henry Yamauchi from Rackspace (CVE-2014-7821)
  • Charles Neill from Rackspace (CVE-2014-7821)
  • Michael Xin from Rackspace (CVE-2014-7821)

Notes

  • These fixes are included in the 2014.2.1 release and will be included in a future 2014.1.4 release.

OSSA History

  • 2014-12-10 - Errata 1
  • 2014-11-19 - Original Version

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.