yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #26720
[Bug 1399172] Re: [OSSA 2015-001] L3 agent DoS vulnerability (CVE-2014-8153)
** Changed in: ossa
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1399172
Title:
[OSSA 2015-001] L3 agent DoS vulnerability (CVE-2014-8153)
Status in OpenStack Neutron (virtual network service):
Fix Committed
Status in neutron icehouse series:
Invalid
Status in neutron juno series:
Fix Committed
Status in OpenStack Security Advisories:
Fix Released
Bug description:
Reported by Ihar Hrachyshka via email:
we've found a bug [1] in Openstack Neutron Juno (2014.2) release that
(it seems) may be utilized to make Neutron L3 agent non-functional
during the following scenario (initially reported in downstream as [2]):
- a tenant (user) creates 8 routers;
- for each router, a tenant assigns a ipv6 non-provider subnet.
=> L3 agent limits the number of threads that process updates to
router state to 8 [3]. Since the bug makes the thread lock if the
release is used with radvd 2.0+, it's enough to have those 8 failing
routers to completely block any kind of router updates processing for
all tenants.
The vulnerability is limited to setups that run on top of radvd 2.0+.
There are few distributions that currently ship radvd 2.0+,
so the scope of the vulnerability is not very wide (in Red Hat world,
it's mostly Fedora Rawhide).
The bug in question is public, though I haven't raised its potential
security status in any public or private communications before.
[1]: https://launchpad.net/bugs/1398779
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1169408
[3]: https://github.com/openstack/neutron/blob/master/neutron/agent/l3_agent.py#L1831
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1399172/+subscriptions