The OpenStack project reports: "" Title: Neutron L3-agent DoS through IPv6 subnet Reporter: Thiago Martins (HP) Products: Neutron Versions: up to 2013.2.3, and 2014.1 Description: Thiago Martins from Hewlett Packard reported a vulnerability in Neutron L3-agent. By creating an IPv6 private subnet attached to a L3 router, an authenticated user may break the L3-agent, preventing further floating IPv4 addresses from being attached for the entire cloud. Note: removal of the faulty network can not be done using the API and must be cleaned at the database level. Only Neutron setups using IPv6 and L3-agent are affected. "" Upstream bug: https://launchpad.net/bugs/1309195 Possible fixes (in the master branch): https://review.openstack.org/#/c/88584/ https://git.openstack.org/cgit/openstack/neutron/commit/?id=d23bc8fa6e2d8a735a2aa75224b1bc96a3b992f5 CVE request: http://www.openwall.com/lists/oss-security/2014/06/16/2
Created openstack-neutron tracking bugs for this issue: Affects: fedora-20 [bug 1110142]
MITRE assigned CVE-2014-4167 to this issue: http://www.openwall.com/lists/oss-security/2014/06/17/18
openstack-neutron-2013.2.3-9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Fix committed upstream for havana: https://git.openstack.org/cgit/openstack/neutron/diff/?id=e5fed4812633b0e7cbcb4107b6dc04710e007edf&context=3&ignorews=0&ss=0
This issue has been addressed in following products: OpenStack 4 for RHEL 6 Via RHSA-2014:0899 https://rhn.redhat.com/errata/RHSA-2014-0899.html