neutron

  1. Series icehouse
  2. Bug #1378450
  3. Comment #10

Comment 10 for bug 1378450

Revision history for this message
Jason Meridth (jmeridth) wrote : Re: [Bug 1378450] Re: Maliciously crafted dns_nameservers will crash neutron

Jeremy,
Awesome. Thank you

---
Jason
On Oct 8, 2014 1:45 PM, "Jeremy Stanley" <email address hidden> wrote:

> Jason, absolutely. I'll make sure we credit "Henry Yamauchi, Charles
> Neill and Michael Xin from Rackspace" as the researchers responsible for
> its discovery on any advisory we publish for this issue. Thanks for the
> additional detail.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1378450
>
> Title:
> Maliciously crafted dns_nameservers will crash neutron
>
> Status in OpenStack Neutron (virtual network service):
> New
> Status in OpenStack Security Advisories:
> Incomplete
>
> Bug description:
> The following request body will crash neutron nodes.
>
> {"subnet": {"network_id": "2aeb163a-a415-4568-bb9e-9c0ac93d54e4",
> "ip_version": 4,
> "cidr": "192.168.1.3/16",
> "dns_nameservers":
> ["111111111111111111111111111111111111111111111111111111111111"]}}
>
> Even strace stops logging.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/neutron/+bug/1378450/+subscriptions
>