Bug 1163457 (CVE-2014-7821)
Field | Value
---|---
Summary | CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers
Product | [Other] Security Response
Reporter | Vincent Danen <vdanen>
Component | vulnerability
Assignee | Red Hat Product Security <security-response-team>
Status | CLOSED ERRATA
Severity | medium
Priority | medium
Version | unspecified
CC | abaron, aortega, apevec, ayoung, chazlett, chrisw, dallan, gkotton, gmollett, ihrachys, jrusnack, lhh, lpeer, majopela, markmc, nyechiel, rbryant, sclewis, security-response-team, yeylon
Target Milestone | ---
Keywords | Security
Target Release | ---
Hardware | All
OS | Linux
Doc Type | Bug Fix
Doc Text | A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.
Story Points | ---
Last Closed | 2015-01-14 00:10:23 UTC
Type | ---
Regression | ---
Mount Type | ---
Documentation | ---
Category | ---
oVirt Team | ---
Cloudforms Team | ---
Bug Depends On | 1165886, 1165887, 1166074, 1166075, 1166318, 1168800
Bug Blocks | 1163459

Description
Vincent Danen
2014-11-12 18:06:17 UTC
Created attachment 956842
patch for CVE-2014-7821 (stable-juno)

Created attachment 956843
patch for CVE-2014-7821 (stable-icehouse)

Created attachment 956844
patch for CVE-2014-7821 (master-kilo)

This issue is public now:

http://seclists.org/oss-sec/2014/q4/690

Created openstack-neutron tracking bugs for this issue:

Affects: openstack-rdo [bug 1165886]
Affects: fedora-all [bug 1165887]

IssueDescription:

A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.

I suspect we also need a bug for Havana (RHOS4).

This fix introduced a regression:

http://lists.openstack.org/pipermail/openstack-dev/2014-November/051757.html

This issue has been addressed in the following products:

OpenStack 5 for RHEL 6

Via RHSA-2014:1938 https://rhn.redhat.com/errata/RHSA-2014-1938.html

This issue has been addressed in the following products:

OpenStack 5 for RHEL 7

Via RHSA-2014:1942 https://rhn.redhat.com/errata/RHSA-2014-1942.html

This issue has been addressed in the following products:

OpenStack 4 for RHEL 6

Via RHSA-2015:0044 https://rhn.redhat.com/errata/RHSA-2015-0044.html