OSSA-2014-019: Neutron L3-agent DoS through IPv6 subnet

OSSA-2014-019: Neutron L3-agent DoS through IPv6 subnet¶

Date:: June 18, 2014
CVE:: CVE-2014-4167

Affects¶

Neutron: TODO

Description¶

Thiago Martins from Hewlett Packard reported a vulnerability in Neutron L3-agent. By creating an IPv6 private subnet attached to a L3 router, an authenticated user may break the L3-agent, preventing further floating IPv4 addresses from being attached for the entire cloud. Note: removal of the faulty network can not be done using the API and must be cleaned at the database level. Only Neutron setups using IPv6 and L3-agent are affected.

Patches¶

https://review.openstack.org/#/c/88584 (Links)
https://review.openstack.org/#/c/95938 (Links)
https://review.openstack.org/#/c/95939 (Links)

Credits¶

Thiago Martins from HP (CVE-2014-4167)

References¶

this page last updated: 2024-10-03 16:29:15

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.