User: Password:
Subscribe / Log in / New account

openstack-neutron: denial of service

Package(s):openstack-neutron CVE #(s):CVE-2014-3555
Created:August 1, 2014 Updated:September 3, 2014
Description: From the Red Hat bugzilla:

Liping Mao from Cisco reported a denial of service vulnerability in Neutron's handling of allowed address pair. By creating a large number of allowed address pairs, an authenticated user may overwhelm neutron firewall rules and render compute nodes unusable. All Neutron setups are affected.

Red Hat RHSA-2014:1120-01 openstack-neutron 2014-09-02
Red Hat RHSA-2014:1119-01 openstack-neutron 2014-09-02
Ubuntu USN-2321-1 neutron 2014-08-21
Red Hat RHSA-2014:1078-01 openstack-neutron 2014-08-20
Fedora FEDORA-2014-8743 openstack-neutron 2014-08-01

(Log in to post comments)

openstack-neutron: denial of service

Posted Aug 10, 2014 6:41 UTC (Sun) by vbannai (guest, #87101) [Link]

Is it any authenticated user or a user with privileges?

My understanding is that it would have to be a authenticated and privileged user that can add allowed address pairs.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds