Reporter: Henry Yamauchi, Charles Neill and Michael Xin (Rackspace)
Products: Neutron
Versions: up to 2014.1.3 and 2014.2
Description: Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported a vulnerability in Neutron. By configuring a maliciously crafted dns_nameservers value, an authenticated user may crash the Neutron service, resulting in a denial of service attack. All Neutron setups are affected.
Acknowledgements: Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Henry Yamauchi, Charles Neill and Michael Xin (Rackspace) as the original reporters.
Created attachment 956842: patch for CVE-2014-7821 (stable-juno)
Created attachment 956843: patch for CVE-2014-7821 (stable-icehouse)
Created attachment 956844: patch for CVE-2014-7821 (master-kilo)
This issue is public now: http://seclists.org/oss-sec/2014/q4/690
Created openstack-neutron tracking bugs for this issue:
Affects: openstack-rdo [bug 1165886]
Affects: fedora-all [bug 1165887]
Issue Description: A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.
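The report above gives no detail of the crafted value, so nothing here reproduces it. What follows is an added example of the kind of strict, fail-closed validation an operator or API reviewer would want in front of a tenant-supplied list such as dns_nameservers; it is not the upstream Neutron patch attached to this bug and is not taken from the Neutron code base. The function names, the canonical round-trip check and the limit of five entries are assumptions of this example.

```python
import ipaddress


class DnsNameserverError(ValueError):
    """Raised for any dns_nameservers value that does not pass validation."""


def validate_dns_nameservers(values, max_entries=5):
    """Return the validated list or raise DnsNameserverError.

    Generic hardening (an assumption of this example, not Neutron's fix):
      - the value must be a list of at most max_entries strings
      - no surrounding whitespace and no control characters
      - each entry must parse with the standard ipaddress module
      - the entry must be canonical: it must round-trip through str(ip),
        so '2001:0db8::1' or '10.0.0.01' are rejected even if parseable
      - unspecified, loopback and multicast addresses are rejected
      - duplicates are rejected
    Everything not explicitly accepted is refused, so a surprising input
    reaches the caller as a clean error instead of an uncaught exception.
    """
    if not isinstance(values, list):
        raise DnsNameserverError("dns_nameservers must be a list")
    if len(values) > max_entries:
        raise DnsNameserverError(
            "at most %d nameservers are allowed" % max_entries)

    seen = set()
    accepted = []
    for raw in values:
        if not isinstance(raw, str):
            raise DnsNameserverError("nameserver must be a string")
        if raw != raw.strip() or any(ord(c) < 0x20 or ord(c) == 0x7F
                                     for c in raw):
            raise DnsNameserverError(
                "nameserver contains whitespace or control characters")
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            raise DnsNameserverError("not an IP address: %r" % raw) from None
        if str(ip) != raw:
            raise DnsNameserverError(
                "nameserver %r is not in canonical form" % raw)
        if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
            raise DnsNameserverError(
                "nameserver %r is not a usable unicast address" % raw)
        if raw in seen:
            raise DnsNameserverError("duplicate nameserver %r" % raw)
        seen.add(raw)
        accepted.append(raw)
    return accepted


def check(values):
    """Convenience wrapper: (True, list) on success, (False, message) on error."""
    try:
        return True, validate_dns_nameservers(values)
    except DnsNameserverError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample inputs; none of them is the value from the report.
    for sample in (["8.8.8.8", "2001:db8::1"],
                   ["8.8.8.8\n"],
                   ["2001:0db8::1"],
                   ["0.0.0.0"],
                   ["8.8.8.8", "8.8.8.8"]):
        print(sample, "->", check(sample))
```

The round-trip check is the part worth copying: accepting only strings that the parser reproduces byte for byte removes the whole class of "parses, but is not what any downstream consumer (here, the DHCP agent's configuration) expects" inputs, and the check sits in the API layer, before the value is persisted or handed to an agent.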
I suspect we also need a bug for Havana (RHOS4).
This fix introduced a regression: http://lists.openstack.org/pipermail/openstack-dev/2014-November/051757.html
This issue has been addressed in the following products: OpenStack 5 for RHEL 6 Via RHSA-2014:1938 https://rhn.redhat.com/errata/RHSA-2014-1938.html
This issue has been addressed in the following products: OpenStack 5 for RHEL 7 Via RHSA-2014:1942 https://rhn.redhat.com/errata/RHSA-2014-1942.html
This issue has been addressed in the following products: OpenStack 4 for RHEL 6 Via RHSA-2015:0044 https://rhn.redhat.com/errata/RHSA-2015-0044.html