[Openstack] [OSSA 2014-039.1] Neutron DoS through invalid DNS configuration (CVE-2014-7821) ERRATA 1

Tristan Cacqueray tristan.cacqueray at enovance.com
Wed Dec 10 19:41:37 UTC 2014


OpenStack Security Advisory: 2014-039 (ERRATA 1)
CVE: CVE-2014-7821
Date: December 10, 2014
Title: Neutron DoS through invalid DNS configuration
Reporter: Henry Yamauchi, Charles Neill and Michael Xin (Rackspace)
Products: Neutron
Versions: up to 2014.1.3 and 2014.2

Description:
Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported
a vulnerability in Neutron. By configuring a maliciously crafted
dns_nameservers an authenticated user may crash Neutron service
resulting in a denial of service attack. All Neutron setups are affected.

Errata:
The former fix did not take into account the usage of hostnames as
nameserver and caused a regression for this use-case. This update
provides an additional fix for that issue.

Kilo (development branch) fixes:
https://review.openstack.org/135616 (original)
https://review.openstack.org/137560 (errata)

Juno fixes:
https://review.openstack.org/135623 (original)
https://review.openstack.org/139061 (errata)

Icehouse fixes:
https://review.openstack.org/135624 (original)
https://review.openstack.org/139063 (errata)

Notes:
These fixes are included in the 2014.2.1 release and will be included in
a future 2014.1.4 release.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821
https://launchpad.net/bugs/1378450

OSSA History:
2014-12-10 - Errata 1
2014-11-19 - Original Version

--
Tristan Cacqueray
OpenStack Vulnerability Management Team

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 538 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20141210/809a1d7b/attachment.sig>


More information about the Openstack mailing list