CVE-2014-8153
Published: 15 January 2015
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.
Notes
Author | Note |
---|---|
mdeslaur | utopic comes with radvd 1.9.1. This is only an issue when used with radvd 2.0+ |
Priority
Status
Package | Release | Status |
---|---|---|
neutron Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [1:2014.1.3-0ubuntu1.1])
|
|
utopic |
Ignored
|
|
vivid |
Not vulnerable
(1:2015.1~b1-0ubuntu5)
|
|
Patches: upstream: https://review.openstack.org/#/c/141575/ (juno) |