Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8153

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2014-8153
Last Modified 15 Jan 2015 07:37:24
Published 15 Jan 2015 10:59:08
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-8153

Summary

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.

Vulnerable Systems

Application

  • Litech Router Advertisement Daemon 2.0

  • Openstack Neutron 2014.2

  • Openstack Neutron 2014.2.1


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1169408

CONFIRM - https://bugs.launchpad.net/neutron/+bug/1399172

CONFIRM - https://bugs.launchpad.net/neutron/+bug/1398779

BID - 71961

MLIST - [openstack-announce] 20150108 [OSSA 2015-001] L3 agent denial of service with radvd 2.0+ (CVE-2014-8153)


Last Updated: 27 May 2016 11:07:33