Published: 11/07/2014 Updated: 22/10/2018

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

The L3-agent in OpenStack Neutron prior to 2013.2.4, 2014.x prior to 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack neutron
openstack neutron 2014.1.1
openstack neutron 2014.1
canonical ubuntu linux 13.10
canonical ubuntu linux 14.04

Debian Bug report logs - #752021 CVE-2014-4167: Neutron L3-agent DoS through IPv6 subnet Package: neutron; Maintainer for neutron is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Thomas Goirand <zigo@debianorg> Date: Wed, 18 Jun 2014 19:42:02 UTC Severity: important Tags: patch, security Found ...

Several security issues were fixed in OpenStack Neutron ...

The L3-agent in OpenStack Neutron before 201324, 2014x before 201412, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router ...

CWE-264 http://secunia.com/advisories/59533 http://seclists.org/oss-sec/2014/q2/572 http://www.ubuntu.com/usn/USN-2255-1 https://bugs.launchpad.net/neutron/+bug/1309195 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752021 https://usn.ubuntu.com/2255-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-4167

CVE-2014-4167

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect