CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.
Configurations

Configuration 1 (hide)

cpe:2.3:a:litech:router_advertisement_daemon:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:openstack:neutron:2014.2:*:*:*:*:*:*:*
cpe:2.3:a:openstack:neutron:2014.2.1:*:*:*:*:*:*:*

History

21 Nov 2024, 02:18

Type Values Removed Values Added
References () http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html - Vendor Advisory () http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html - Vendor Advisory
References () http://www.securityfocus.com/bid/71961 - () http://www.securityfocus.com/bid/71961 -
References () https://bugs.launchpad.net/neutron/+bug/1398779 - () https://bugs.launchpad.net/neutron/+bug/1398779 -
References () https://bugs.launchpad.net/neutron/+bug/1399172 - () https://bugs.launchpad.net/neutron/+bug/1399172 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=1169408 - () https://bugzilla.redhat.com/show_bug.cgi?id=1169408 -

Information

Published : 2015-01-15 15:59

Updated : 2024-11-21 02:18


NVD link : CVE-2014-8153

Mitre link : CVE-2014-8153

CVE.ORG link : CVE-2014-8153


JSON object : View

Products Affected

openstack

  • neutron

litech

  • router_advertisement_daemon
CWE
CWE-20

Improper Input Validation