[Openstack-security] [Bug 1262759] Re: ICMPv6 RAs should only be permitted from known routers
Mark McClain
1262759 at bugs.launchpad.net
Fri Apr 4 22:17:43 UTC 2014
** Changed in: neutron
Milestone: None => juno-1
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1262759
Title:
ICMPv6 RAs should only be permitted from known routers
Status in OpenStack Neutron (virtual network service):
Fix Committed
Status in OpenStack Security Advisories:
Invalid
Bug description:
ICMPv6 is now allowed in from any host but other hosts can offer bogus
routes.
Change security group/port filtering to respect known routers:
- tenant routers attached to subnets and passing v6
- physical routers on provider networks provided on the network (as some sort of admin configurable list for that network).
(Security issue: One VM sharing a neutron network can divert outgoing
traffic from other VMs.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1262759/+subscriptions
More information about the Openstack-security
mailing list