Details of VAR-201501-0448

ID

VAR-201501-0448

CVE

CVE-2014-8153

TITLE

OpenStack Neutron of L3 Service disruption in agents (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-007685

DESCRIPTION

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each. OpenStack Neutron is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. OpenStack is a cloud platform management project jointly developed by the National Aeronautics and Space Administration (National Aeronautics and Space Administration) and Rackspace Corporation of the United States. Neutron is one of the network components that provides Network as a Service (NaaS), which can create a network between OpenStack services, connect network devices to the grid, and more. A security vulnerability exists in the L3 agent of OpenStack Neutron version 2014.2 and 2014.2.1

Trust: 1.98

sources: NVD: CVE-2014-8153 // JVNDB: JVNDB-2014-007685 // BID: 71961 // VULHUB: VHN-76098

AFFECTED PRODUCTS

vendor:	openstack	model:	neutron	scope:	eq	version:	2014.2	Trust: 1.9
vendor:	openstack	model:	neutron	scope:	eq	version:	2014.2.1	Trust: 1.6
vendor:	litech	model:	router advertisement daemon	scope:	eq	version:	2.0	Trust: 1.0
vendor:	litech design	model:	router advertisement daemon	scope:	eq	version:	2.0+	Trust: 0.8
vendor:	openstack	model:	neutron	scope:	eq	version:	2014.2.2	Trust: 0.8
vendor:	openstack	model:	neutron	scope:	lt	version:	2014.2.x	Trust: 0.8
vendor:	openstack	model:	neutron	scope:	eq	version:	2014.1.2	Trust: 0.3

sources: BID: 71961 // JVNDB: JVNDB-2014-007685 // CNNVD: CNNVD-201501-209 // NVD: CVE-2014-8153

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8153
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8153
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201501-209
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-76098
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8153
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76098
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76098 // JVNDB: JVNDB-2014-007685 // CNNVD: CNNVD-201501-209 // NVD: CVE-2014-8153

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-76098 // JVNDB: JVNDB-2014-007685 // NVD: CVE-2014-8153

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-209

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201501-209

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007685

PATCH

title:	Bug #1398779	url:	https://bugs.launchpad.net/neutron/+bug/1398779	Trust: 0.8
title:	Bug #1399172	url:	https://bugs.launchpad.net/neutron/+bug/1399172	Trust: 0.8
title:	Bug 1169408	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1169408	Trust: 0.8

sources: JVNDB: JVNDB-2014-007685

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8153	Trust: 2.8
db:	BID	id:	71961	Trust: 2.0
db:	JVNDB	id:	JVNDB-2014-007685	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-209	Trust: 0.7
db:	VULHUB	id:	VHN-76098	Trust: 0.1

sources: VULHUB: VHN-76098 // BID: 71961 // JVNDB: JVNDB-2014-007685 // CNNVD: CNNVD-201501-209 // NVD: CVE-2014-8153

REFERENCES

url:	https://bugs.launchpad.net/neutron/+bug/1399172	Trust: 2.0
url:	http://www.securityfocus.com/bid/71961	Trust: 1.7
url:	http://lists.openstack.org/pipermail/openstack-announce/2015-january/000320.html	Trust: 1.7
url:	https://bugs.launchpad.net/neutron/+bug/1398779	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1169408	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8153	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8153	Trust: 0.8
url:	http://www.openstack.org	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1180469	Trust: 0.3
url:	https://review.openstack.org/#/c/141575/	Trust: 0.3
url:	https://review.openstack.org/#/c/138688/	Trust: 0.3

sources: VULHUB: VHN-76098 // BID: 71961 // JVNDB: JVNDB-2014-007685 // CNNVD: CNNVD-201501-209 // NVD: CVE-2014-8153

CREDITS

Ihar Hrachyshka from Red Hat

Trust: 0.9

sources: BID: 71961 // CNNVD: CNNVD-201501-209

SOURCES

db:	VULHUB	id:	VHN-76098
db:	BID	id:	71961
db:	JVNDB	id:	JVNDB-2014-007685
db:	CNNVD	id:	CNNVD-201501-209
db:	NVD	id:	CVE-2014-8153

LAST UPDATE DATE

2024-11-23T22:59:37.553000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76098	date:	2015-01-16T00:00:00
db:	BID	id:	71961	date:	2015-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2014-007685	date:	2015-01-19T00:00:00
db:	CNNVD	id:	CNNVD-201501-209	date:	2015-01-16T00:00:00
db:	NVD	id:	CVE-2014-8153	date:	2024-11-21T02:18:40.333

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76098	date:	2015-01-15T00:00:00
db:	BID	id:	71961	date:	2015-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2014-007685	date:	2015-01-19T00:00:00
db:	CNNVD	id:	CNNVD-201501-209	date:	2015-01-12T00:00:00
db:	NVD	id:	CVE-2014-8153	date:	2015-01-15T15:59:08.607