CVE-2014-8153

Published: Jan 15, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.

Affected (3)

Products: Litech: Router Advertisement Daemon · Openstack: Neutron

1 product

Router Advertisement Daemon

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Litech Router Advertisement Daemon	Version 2.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Neutron	Version 2014.2.1
Openstack Neutron	Version 2014.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/71961

Source: secalert@redhat.com

https://bugs.launchpad.net/neutron/+bug/1398779

Source: secalert@redhat.com

https://bugs.launchpad.net/neutron/+bug/1399172

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1169408

Source: secalert@redhat.com

http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/71961

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/neutron/+bug/1398779

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/neutron/+bug/1399172

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1169408

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.