Comment 29 for bug 1461054

Tristan Cacqueray (tristan-cacqueray) wrote : Re: Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent

Thanks Kevin, so considering the arp00000.patch fixes something that is already broken, this can surely be proposed separately after the vulnerability patch is merged.

Arosen, do you think the backport is going to be difficult?

Here is an updated impact description:

Title: Neutron L2 agent DoS through incorrect allowed address pairs
Reporter: Darragh O'Reilly (HP)
Products: Neutron
Affects: 2014.2 versions through 2014.2.3 and 2015.1.0 version

Description:
Darragh O'Reilly from HP reported a vulnerability in Neutron. By adding an invalid allowed address pair, an authenticated user may crash the Neutron L2 agent, resulting in a denial of service attack. Neutron setups using the IPTables firewall driver are affected.