OSSA-2015-001: L3 agent denial of service with radvd 2.0+

OSSA-2015-001: L3 agent denial of service with radvd 2.0+¶

Date:: January 08, 2015
CVE:: CVE-2014-8153

Affects¶

Neutron: 2014.2 version up to 2014.2.1

Description¶

Ihar Hrachyshka from Red Hat reported a vulnerability in Neutron. By creating 8 routers and assigning each of them a non-provider ipv6 subnet, a malicious user may block router update processing for all tenants, potentially resulting in a Denial of Service. Only Neutron setups running with radvd 2.0+ are affected.

Patches¶

https://review.openstack.org/141575 (Juno)
https://review.openstack.org/138688 (Kilo)

Credits¶

Ihar Hrachyshka from Red Hat (CVE-2014-8153)

References¶

Notes¶

This fix will be included in a future 2014.2.2 release.
The OSSA announce format for the 2015 advisories has been changed to RST.

this page last updated: 2024-10-03 16:29:15

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.