Launchpad.net

CVE 2015-3221

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

Related bugs and status

CVE-2015-3221 (Candidate) is related to these bugs:

Bug #1461054: [OSSA 2015-012] Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent (CVE-2015-3221)

		In	Importance	Status
1461054	[OSSA 2015-012] Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent (CVE-2015-3221)	neutron	Critical	Fix Released
1461054	[OSSA 2015-012] Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent (CVE-2015-3221)	OpenStack Security Advisory	Critical	Fix Released
1461054	[OSSA 2015-012] Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent (CVE-2015-3221)	neutron juno	Critical	Fix Released
1461054	[OSSA 2015-012] Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent (CVE-2015-3221)	neutron kilo	Critical	Fix Committed

Bug #1466490: Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221)

		In	Importance	Status
1466490	Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221)	Mirantis OpenStack	Critical	Fix Released
1466490	Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221)	Mirantis OpenStack 6.1.x	Critical	Fix Released
1466490	Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221)	Mirantis OpenStack 7.0.x	Critical	Fix Released
1466490	Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221)	Mirantis OpenStack 6.0.x	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-3221

Related bugs and status

Related bugs

References