Bug 1163457 (CVE-2014-7821)

Summary: CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, chazlett, chrisw, dallan, gkotton, gmollett, ihrachys, jrusnack, lhh, lpeer, majopela, markmc, nyechiel, rbryant, sclewis, security-response-team, yeylon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-14 00:10:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1165886, 1165887, 1166074, 1166075, 1166318, 1168800    
Bug Blocks: 1163459    
Attachments:
Description Flags
patch for CVE-2014-7821 (stable-juno)
none
patch for CVE-2014-7821 (stable-icehouse)
none
patch for CVE-2014-7821 (master-kilo) none

Description Vincent Danen 2014-11-12 18:06:17 UTC
Reporter: Henry Yamauchi, Charles Neill and Michael Xin (Rackspace)
Products: Neutron
Versions: up to 2014.1.3 and 2014.2

Description:
Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported a
vulnerability in Neutron. By configuring a maliciously crafted
dns_nameservers an authenticated user may crash Neutron service
resulting in a denial of service attack. All Neutron setups are
affected.


Acknowledgements:

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Henry Yamauchi, Charles Neill and Michael Xin (Rackspace) as the original reporters.

Comment 1 Vincent Danen 2014-11-12 18:09:48 UTC
Created attachment 956842 [details]
patch for CVE-2014-7821 (stable-juno)

Comment 2 Vincent Danen 2014-11-12 18:10:11 UTC
Created attachment 956843 [details]
patch for CVE-2014-7821 (stable-icehouse)

Comment 3 Vincent Danen 2014-11-12 18:10:43 UTC
Created attachment 956844 [details]
patch for CVE-2014-7821 (master-kilo)

Comment 5 Murray McAllister 2014-11-19 23:38:19 UTC
This issue is public now:

http://seclists.org/oss-sec/2014/q4/690

Comment 6 Murray McAllister 2014-11-19 23:41:20 UTC
Created openstack-neutron tracking bugs for this issue:

Affects: openstack-rdo [bug 1165886]
Affects: fedora-all [bug 1165887]

Comment 8 Martin Prpič 2014-11-25 09:04:34 UTC
IssueDescription:

A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.

Comment 9 Ihar Hrachyshka 2014-11-25 18:10:17 UTC
I suspect we also need a bug for Havana (RHOS4).

Comment 11 Ihar Hrachyshka 2014-11-28 13:34:29 UTC
This fix introduced a regression: http://lists.openstack.org/pipermail/openstack-dev/2014-November/051757.html

Comment 12 errata-xmlrpc 2014-12-02 16:48:57 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 6

Via RHSA-2014:1938 https://rhn.redhat.com/errata/RHSA-2014-1938.html

Comment 13 errata-xmlrpc 2014-12-02 17:00:32 UTC
This issue has been addressed in the following products:

  OpenStack 5 for RHEL 7

Via RHSA-2014:1942 https://rhn.redhat.com/errata/RHSA-2014-1942.html

Comment 14 errata-xmlrpc 2015-01-13 17:57:34 UTC
This issue has been addressed in the following products:

  OpenStack 4 for RHEL 6

Via RHSA-2015:0044 https://rhn.redhat.com/errata/RHSA-2015-0044.html