[openstack-announce] [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555)

Tristan Cacqueray tristan.cacqueray at enovance.com
Mon Jul 21 11:53:31 UTC 2014


OpenStack Security Advisory: 2014-025
CVE: CVE-2014-3555
Date: July 17, 2014
Title: Denial of Service in Neutron allowed address pair
Reporter: Liping Mao (Cisco)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1

Description:
Liping Mao from Cisco reported a denial of service vulnerability in
Neutron's handling of allowed address pair. By creating a large number
of allowed address pairs, an authenticated user may overwhelm neutron
firewall rules and render compute nodes unusable. All Neutron setups are
affected.

Juno (development branch) fix:
https://review.openstack.org/107734

Icehouse fix:
https://review.openstack.org/107733

Havana fix:
https://review.openstack.org/107731

Notes:
This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3555
https://launchpad.net/bugs/1336207

--
Tristan Cacqueray
OpenStack Vulnerability Management Team

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 538 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-announce/attachments/20140721/88742532/attachment.pgp>


More information about the OpenStack-announce mailing list