Published: 31/08/2021 Updated: 13/06/2022

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

An issue exists in OpenStack Neutron prior to 16.4.1, 17.x prior to 17.2.1, and 18.x prior to 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack neutron
debian debian linux 9.0
debian debian linux 10.0
debian debian linux 11.0

Debian Bug report logs - #993398 neutron: CVE-2021-40085: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts Package: src:neutron; Maintainer for src:neutron is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 31 Aug 2021 19:21:01 UTC Severity: ...

Pavel Toporkov discovered a vulnerability in Neutron, the OpenStack virtual network service, which allowed a reconfiguration of dnsmasq via crafted dhcp_extra_opts parameters For the oldstable distribution (buster), this problem has been fixed in version 2:1307+git20210927bace3d1890-0+deb10u1 This update also fixes CVE-2021-20267 For the s ...

oss-sec mailing list archives   By Date By Thread </form>    [OSSA-2021-005] Neutron: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts (CVE-2021-40085)  <! ...

NVD-CWE-noinfo https://security.openstack.org/ossa/OSSA-2021-005.html https://launchpad.net/bugs/1939733 http://www.openwall.com/lists/oss-security/2021/08/31/2 https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html https://www.debian.org/security/2021/dsa-4983 https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993398 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4983

CVE-2021-40085

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect