yahoo-eng-team team mailing list archive

[Bug 1987410] Re: NDP proxy allows address takeover when address scope is not used

Reviewed:  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/855997
Committed: https://opendev.org/openstack/neutron-tempest-plugin/commit/14d9215c9ab22e84788ce83cbc563535f2fdf1c7
Submitter: "Zuul (22348)"
Branch:    master

commit 14d9215c9ab22e84788ce83cbc563535f2fdf1c7
Author: yangjianfeng <yjf1970231893@xxxxxxxxx>
Date:   Tue Sep 6 10:42:29 2022 +0800

    Create extra external network with address scope for `ndp proxy` tests
    
    For details, please refer to https://review.opendev.org/855850
    
    Closes-Bug: #1987410
    Change-Id: I9f3176a9688db8c4f4417139b712d1570c5ab7bb


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1987410

Title:
  NDP proxy allows address takeover when address scope is not used

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  When the new NDP proxy feature is configured without an address scope
  being used on the external network, there is no protection against
  addresses being used multiple times. This can be exploited by a
  malicious tenant via creating a subnet with a prefix that covers an
  address that is already in use and taking over (part of) the traffic
  flowing towards that address. The success of the attack depends on
  winning the race of who answers the NDP query first, but still a 50%
  chance of capturing traffic seems dangerous. The attack works not only
  against other addresses served by NDP proxy, but also against other
  hosts that may exist, potentially even the gateway for the external
  network.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1987410/+subscriptions
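
Added example, not part of the bug report or of Neutron's code: an offline audit for the condition the description names, a tenant IPv6 prefix that covers an address already in use by someone else when no address scope enforces uniqueness. The inventory, its field names and both function names are assumptions constructed for this sketch; real data would come from your own export of subnets and ports.

```python
import ipaddress

# Constructed sample inventory; field names are assumptions, not Neutron API output.
IN_USE = [  # addresses already in use on or behind the external network
    {"address": "2001:db8:0:1::1", "owner": "external-gateway"},
    {"address": "2001:db8:0:1::50", "owner": "project-a"},
    {"address": "2001:db8:a::10", "owner": "project-a"},
]
TENANT_SUBNETS = [  # tenant IPv6 subnets (constructed)
    {"id": "subnet-a", "project": "project-a", "cidr": "2001:db8:a::/64"},
    {"id": "subnet-b", "project": "project-b", "cidr": "2001:db8:b::/64"},
    {"id": "subnet-c", "project": "project-c", "cidr": "2001:db8:0:1::/64"},
    {"id": "subnet-d", "project": "project-d", "cidr": "2001:db8:a::/48"},
]


def covered_addresses(subnets, in_use):
    """Return (subnet id, address, owner) for each tenant prefix that
    covers an address in use by a different owner."""
    findings = []
    for subnet in subnets:
        net = ipaddress.ip_network(subnet["cidr"])
        for entry in in_use:
            addr = ipaddress.ip_address(entry["address"])
            if (entry["owner"] != subnet["project"]
                    and addr.version == net.version and addr in net):
                findings.append((subnet["id"], entry["address"], entry["owner"]))
    return findings


def overlapping_prefixes(subnets):
    """Return (id, id) pairs of subnets from different projects whose
    prefixes overlap, which an address scope would have rejected."""
    nets = [(s, ipaddress.ip_network(s["cidr"])) for s in subnets]
    pairs = []
    for i, (a, net_a) in enumerate(nets):
        for b, net_b in nets[i + 1:]:
            if (a["project"] != b["project"]
                    and net_a.version == net_b.version and net_a.overlaps(net_b)):
                pairs.append((a["id"], b["id"]))
    return pairs


if __name__ == "__main__":
    for sid, addr, owner in covered_addresses(TENANT_SUBNETS, IN_USE):
        print(f"{sid} covers {addr} (in use by {owner})")
    for left, right in overlapping_prefixes(TENANT_SUBNETS):
        print(f"{left} overlaps {right}")
```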