From 005edf3d9a8410787d5ea891f24d3de544d840f4 Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Mon, 24 Nov 2014 16:14:36 +0000
Subject: [PATCH] import OSSA 2014-039
Change-Id: I2a52b175b5df3ebef74c69653a6d3d81be7b8375
---
ossa/OSSA-2014-039.yaml | 70 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
create mode 100644 ossa/OSSA-2014-039.yaml
diff --git a/ossa/OSSA-2014-039.yaml b/ossa/OSSA-2014-039.yaml
new file mode 100644
index 0000000..1b5bd3c
--- /dev/null
+++ b/ossa/OSSA-2014-039.yaml
@@ -0,0 +1,70 @@
+date: 2014-11-19
+
+id: OSSA-2014-039
+
+title: 'Neutron DoS through invalid DNS configuration'
+
+description: 'Henry Yamauchi, Charles Neill and Michael Xin from Rackspace reported
+ a vulnerability in Neutron. By configuring a maliciously crafted
+ dns_nameservers an authenticated user may crash Neutron service
+ resulting in a denial of service attack. All Neutron setups are affected.'
+
+reference: http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html
+
+affected-products:
+
+ - product: nova
+ version: up to 2014.1.3 and 2014.2
+
+vulnerabilities:
+
+ - cve-id: CVE-2014-7821
+ impact-assessment:
+ source: 'Red Hat Product Security'
+ rating: moderate
+ assessment:
+ type: CVSS2
+ score: 4.0
+ detail: AV:N/AC:L/Au:S/C:N/I:N/A:P
+ classification:
+ source: 'Red Hat Product Security'
+ type: CWE
+ detail: TODO
+
+
+reporters:
+
+ - name: 'Henry Yamauchi'
+ affiliation: Rackspace
+ reported:
+ - CVE-2014-7821
+
+ - name: 'Charles Neill'
+ affiliation: Rackspace
+ reported:
+ - CVE-2014-7821
+
+ - name: 'Michael Xin'
+ affiliation: Rackspace
+ reported:
+ - CVE-2014-7821
+
+issues:
+
+ links:
+ - https://launchpad.net/bugs/1378450
+
+ type: launchpad
+
+reviews:
+
+ kilo:
+ - https://review.openstack.org/135616
+
+ juno:
+ - https://review.openstack.org/135623
+
+ icehouse:
+ - https://review.openstack.org/135624
+
+ type: gerrit
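Review bot: The `affected-products` entry names `product: nova`, but the title and description both say the flaw is in Neutron, so anyone filtering advisories by product would miss this one for Neutron and get a false hit for Nova; it should read `product: neutron`. The CWE classification is committed as `detail: TODO`; either record the weakness identifier once it is assigned or leave the `classification` block out until then, so downstream tooling does not ingest a placeholder. As a smaller point, `date: 2014-11-19` is unquoted and loads as a date object rather than a string in most YAML parsers, so quote it as `date: '2014-11-19'` if consumers expect text.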