OSSA-2015-001: L3 agent denial of service with radvd 2.0+

OSSA-2015-001: L3 agent denial of service with radvd 2.0+

Date

January 08, 2015

CVE

CVE-2014-8153

Affects

  • Neutron: 2014.2 version up to 2014.2.1

Description

Ihar Hrachyshka from Red Hat reported a vulnerability in Neutron. By creating 8 routers and assigning each of them a non-provider ipv6 subnet, a malicious user may block router update processing for all tenants, potentially resulting in a Denial of Service. Only Neutron setups running with radvd 2.0+ are affected.

Credits

  • Ihar Hrachyshka from Red Hat (CVE-2014-8153)

Notes

  • This fix will be included in a future 2014.2.2 release.

  • The OSSA announce format for the 2015 advisories has been changed to RST.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.