[OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821)
OpenStack Security Advisory: 2014-039 CVE: CVE-2014-7821 Date: November 19, 2014 Title: Neutron DoS through invalid DNS configuration Reporter: Henry Yamauchi, Charles Neill and Michael Xin (Rackspace) Products: Neutron Versions: up to 2014.1.3 and 2014.2
Description: Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported a vulnerability in Neutron. By configuring a maliciously crafted dns_nameservers an authenticated user may crash Neutron service resulting in a denial of service attack. All Neutron setups are affected.
Kilo (development branch) fix: https://review.openstack.org/135616
Juno fix: https://review.openstack.org/135623
Icehouse fix: https://review.openstack.org/135624
Notes: This fix will be included in future 2014.1.4 and 2014.2.1 releases.
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821 https://launchpad.net/bugs/1378450
participants (1)
-
Tristan Cacqueray