Neutron DoS through invalid DNS configuration (CVE-2014-7821)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mirantis OpenStack |
Fix Committed
|
Critical
|
Alexander Ignatov | ||
| 5.0.x |
Fix Committed
|
Critical
|
Alexander Ignatov | ||
| 5.1.x |
Fix Committed
|
Critical
|
Alexander Ignatov | ||
| 6.0.x |
Fix Committed
|
Critical
|
Alexander Ignatov | ||
Bug Description
This is [pre-OSSA] Vulnerability in OpenStack Neutron (CVE-2014-7821)
Title: Neutron DoS through invalid DNS configuration
Reporter: Henry Yamauchi, Charles Neill and Michael Xin (Rackspace)
Products: Neutron
Versions: up to 2014.2
Description:
Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported a
vulnerability in Neutron. By configuring a maliciously crafted
dns_nameservers an authenticated user may crash Neutron service
resulting in a denial of service attack. All Neutron setups are
ubuntuaffected.
Proposed patch:
See attached patches. Unless a flaw is discovered in them, these patches
will be merged to stable/icehouse and stable/juno on the public
disclosure date.
CVE: CVE-2014-7821
Proposed public disclosure date/time:
2014-11-19, 1500UTC
Please do not make the issue public (or release public patches) before
this coordinated embargo date.
CVE References
| tags: | added: cve |
| summary: |
- Neutron DoS through invalid DNS configuration + Neutron DoS through invalid DNS configuration (CVE-2014-7821) |
| information type: | Private Security → Public Security |
