CVE-2014-8153
Published: 15 January 2015
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.
Notes
| Author | Note |
|---|---|
| mdeslaur | utopic comes with radvd 1.9.1. This is only an issue when used with radvd 2.0+ |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
neutron Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| lucid |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was not-affected [1:2014.1.3-0ubuntu1.1])
|
|
| utopic |
Ignored
|
|
| vivid |
Not vulnerable
(1:2015.1~b1-0ubuntu5)
|
|
|
Patches: upstream: https://review.openstack.org/#/c/141575/ (juno) |
||