CVE-2014-8153

Current Description

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.

Basic Data

PublishedJanuary 15, 2015
Last ModifiedJanuary 16, 2015
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-20
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score4.0
SeverityMEDIUM
Exploitability Score8.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationLitechRouter Advertisement Daemon2.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOpenstackNeutron2014.2*******
    2.3ApplicationOpenstackNeutron2014.2.1*******

Vulnerable Software List

VendorProductVersions
Litech Router Advertisement Daemon 2.0
Openstack Neutron 2014.2, 2014.2.1

References

NameSourceURLTags
[openstack-announce] 20150108 [OSSA 2015-001] L3 agent denial of service with radvd 2.0+ (CVE-2014-8153)http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.htmlMLISTVendor Advisory
71961http://www.securityfocus.com/bid/71961BID
https://bugs.launchpad.net/neutron/+bug/1398779https://bugs.launchpad.net/neutron/+bug/1398779CONFIRM
https://bugs.launchpad.net/neutron/+bug/1399172https://bugs.launchpad.net/neutron/+bug/1399172CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1169408https://bugzilla.redhat.com/show_bug.cgi?id=1169408MISC