what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2014-3555

Status Candidate

Overview

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.

Related Files

Red Hat Security Advisory 2014-1119-01
Posted Sep 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1119-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in neutron's handling of allowed address pairs. As there was no enforced quota on the amount of allowed address pairs, a sufficiently authorized user could possibly create a large number of firewall rules, impacting performance or potentially rendering a compute node unusable.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-3555
SHA-256 | e45e8a7407272e99e406cd674a173ea013d37365242b61f7070157988c150857
Red Hat Security Advisory 2014-1120-01
Posted Sep 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1120-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in neutron's handling of allowed address pairs. As there was no enforced quota on the amount of allowed address pairs, a sufficiently authorized user could possibly create a large number of firewall rules, impacting performance or potentially rendering a compute node unusable.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-3555
SHA-256 | 8de0d30b6ea642ca8fc6967171ced5c81286dc7ba44aa5e3eba3418211435541
Ubuntu Security Notice USN-2321-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2321-1 - Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3555, CVE-2014-4615
SHA-256 | 5b7b6a9f75cfd520067e6ce6a174281f6d497b3744e0c37c37a61dd014f8632f
Red Hat Security Advisory 2014-1078-01
Posted Aug 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1078-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A denial of service flaw was found in Neutron's handling of allowed address pairs. There was no enforced quota on the amount of allowed address pairs, possibly allowing a sufficiently authorized user to create such a large number of firewall rules as to impact performance, or potentially render a compute node unusable.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-3555
SHA-256 | 61eb55f7d058af9258b042448433e0cf6aa02fb99c11d532644292fb37b5765e
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close