![oss-sec logo](/images/oss-sec-logo.png)
oss-sec mailing list archives
CVE request for vulnerability in OpenStack Neutron
From: Tristan Cacqueray <tristan.cacqueray () enovance com>
Date: Mon, 16 Jun 2014 15:25:26 -0400
A vulnerability was discovered in OpenStack (see below). In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Neutron L3-agent DoS through IPv6 subnet Reporter: Thiago Martins (HP) Products: Neutron Versions: up to 2013.2.3, and 2014.1 Description: Thiago Martins from Hewlett Packard reported a vulnerability in Neutron L3-agent. By creating an IPv6 private subnet attached to a L3 router, an authenticated user may break the L3-agent, preventing further floating IPv4 addresses from being attached for the entire cloud. Note: removal of the faulty network can not be done using the API and must be cleaned at the database level. Only Neutron setups using IPv6 and L3-agent are affected. References: https://launchpad.net/bugs/1309195 Thanks in advance, -- Tristan Cacqueray OpenStack Vulnerability Management Team
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request for vulnerability in OpenStack Neutron Tristan Cacqueray (Jun 16)
- Re: CVE request for vulnerability in OpenStack Neutron cve-assign (Jun 17)