OpenStack Security Advisory: 2014-019
CVE: CVE-2014-4167
Date: June 18, 2014
Title: Neutron L3-agent DoS through IPv6 subnet
Reporter: Thiago Martins (HP)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1

Description:
Thiago Martins from Hewlett Packard reported a vulnerability in Neutron
L3-agent. By creating an IPv6 private subnet attached to an L3 router, an
authenticated user may break the L3-agent, preventing further floating
IPv4 addresses from being attached for the entire cloud. Note: removal of
the faulty network cannot be done using the API and must be cleaned at
the database level. Only Neutron setups using IPv6 and L3-agent are
affected.

Juno (development branch) fix:
https://review.openstack.org/88584

Icehouse fix:
https://review.openstack.org/95938

Havana fix:
https://review.openstack.org/95939

Notes:
This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4167
https://launchpad.net/bugs/1309195

--
Tristan Cacqueray
OpenStack Vulnerability Management Team