[OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron (CVE-2014-7821)
Bug #1378450 reported by
Jason Meridth
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Security Advisory |
Fix Released
|
High
|
Tristan Cacqueray | ||
| neutron |
Fix Released
|
High
|
Tristan Cacqueray | ||
| Icehouse |
Fix Committed
|
Undecided
|
Tristan Cacqueray | ||
| Juno |
Fix Released
|
High
|
Tristan Cacqueray | ||
Bug Description
The following request body will crash neutron nodes.
{"subnet": {"network_id": "2aeb163a-
"cidr": "192.168.1.3/16",
"dns_nameservers": ["1111111111111
Even strace stops logging.
CVE References
| tags: |
added: juno-backport-potential removed: juno-rc-potential |
| Changed in ossa: | |
| status: | Incomplete → Confirmed |
| importance: | Undecided → High |
| Changed in neutron: | |
| status: | New → In Progress |
| summary: |
- Maliciously crafted dns_nameservers will crash neutron + Maliciously crafted dns_nameservers will crash neutron (CVE-2014-7821) |
| information type: | Private Security → Public Security |
| summary: |
- Maliciously crafted dns_nameservers will crash neutron (CVE-2014-7821) + [OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron + (CVE-2014-7821) |
| Changed in neutron: | |
| milestone: | none → kilo-1 |
| importance: | Undecided → High |
| Changed in ossa: | |
| assignee: | nobody → Tristan Cacqueray (tristan-cacqueray) |
| status: | Fix Committed → Fix Released |
| Changed in neutron: | |
| status: | Fix Committed → Fix Released |
| Changed in neutron: | |
| milestone: | kilo-1 → 2015.1.0 |
To post a comment you must log in.

Thanks for the report, the OSSA task is set to incomplete, pending additional details from security reviewer.