Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30892
HistoryJun 19, 2014 - 12:00 a.m.

[oss-security] CVE request for vulnerability in OpenStack Neutron

2014-06-1900:00:00
vulners.com
50
JSON

A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public, although
an advisory was not sent yet.

Title: Neutron L3-agent DoS through IPv6 subnet
Reporter: Thiago Martins (HP)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1

Description:
Thiago Martins from Hewlett Packard reported a vulnerability in Neutron
L3-agent. By creating an IPv6 private subnet attached to a L3 router, an
authenticated user may break the L3-agent, preventing further floating
IPv4 addresses from being attached for the entire cloud. Note: removal
of the faulty network can not be done using the API and must be cleaned
at the database level. Only Neutron setups using IPv6 and L3-agent are
affected.

References:
https://launchpad.net/bugs/1309195

Thanks in advance,

– Tristan Cacqueray OpenStack Vulnerability Management Team

JSON