import OSSA 2014-039

Change-Id: I2a52b175b5df3ebef74c69653a6d3d81be7b8375
2014-11-24 16:14:36 +00:00 · 2014-11-24 16:14:36 +00:00 · 005edf3d9a
parent 62af610079
commit 005edf3d9a
1 changed files with 70 additions and 0 deletions
--- a/ossa/OSSA-2014-039.yaml
+++ b/ossa/OSSA-2014-039.yaml
@ -0,0 +1,70 @@
+date: 2014-11-19
+
+id: OSSA-2014-039
+
+title: 'Neutron DoS through invalid DNS configuration'
+
+description: 'Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported
+    a vulnerability in Neutron. By configuring a maliciously crafted
+    dns_nameservers an authenticated user may crash Neutron service
+    resulting in a denial of service attack. All Neutron setups are affected.'
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html
+
+affected-products:
+
+  - product: nova
+    version: up to 2014.1.3 and 2014.2
+
+vulnerabilities:
+
+  - cve-id: CVE-2014-7821
+    impact-assessment:
+      source: 'Red Hat Product Security'
+      rating: moderate
+      assessment:
+        type: CVSS2
+        score: 4.0
+        detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
+    classification:
+      source: 'Red Hat Product Security'
+      type: CWE
+      detail: TODO
+
+
+reporters:
+
+  - name: 'Henry Yamauchi'
+    affiliation: Rackspace
+    reported:
+      - CVE-2014-7821
+
+  - name: 'Charles Neill'
+    affiliation: Rackspace
+    reported:
+      - CVE-2014-7821
+
+  - name: 'Michael Xin'
+    affiliation: Rackspace
+    reported:
+      - CVE-2014-7821
+
+issues:
+
+  links:
+    - https://launchpad.net/bugs/1378450
+
+  type: launchpad
+
+reviews:
+
+  kilo:
+    - https://review.openstack.org/135616
+
+  juno:
+    - https://review.openstack.org/135623
+
+  icehouse:
+    - https://review.openstack.org/135624
+
+  type: gerrit