Comment 15 for bug 1837252
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: IFLA_BR_AGEING_TIME of 0 causes flooding across bridges | #15 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
Below is a proposed impact description. Please review and let me know if it needs to be adjusted before I request a CVE assignment with it. In particular, I was unsure which versions were affected so I went with the earliest release from the Stein cycle (per comment #11 above). James, also let me know if there is an employer or other organization you would like credited along with your name.
Title: Ageing time of 0 fills linuxbridge MAC tables
Reporter: James Denton
Products: os-vif
Affects: >=1.12.0<1.15.2, 1.16.0
Description:
James Denton reported a vulnerability in os-vif, the Nova/Neutron
network integration library. The hard-coded MAC ageing time of 0
causes rapid filling of linuxbridge tables, often resulting in
Ethernet flooding which both slows network performance significantly
and allows users to possibly view the content of packets for
instances belonging to other tenants sharing the same network.
Only deployments using the linuxbridge backend are affected.