|
Message-ID: <53CCFF43.8030209@enovance.com>
Date: Mon, 21 Jul 2014 07:53:39 -0400
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-025] Denial of Service in Neutron allowed address pair
(CVE-2014-3555)
OpenStack Security Advisory: 2014-025
CVE: CVE-2014-3555
Date: July 17, 2014
Title: Denial of Service in Neutron allowed address pair
Reporter: Liping Mao (Cisco)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1
Description:
Liping Mao from Cisco reported a denial of service vulnerability in
Neutron's handling of allowed address pair. By creating a large number
of allowed address pairs, an authenticated user may overwhelm neutron
firewall rules and render compute nodes unusable. All Neutron setups are
affected.
Juno (development branch) fix:
https://review.openstack.org/107734
Icehouse fix:
https://review.openstack.org/107733
Havana fix:
https://review.openstack.org/107731
Notes:
This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3555
https://launchpad.net/bugs/1336207
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
Download attachment "signature.asc" of type "application/pgp-signature" (539 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.