Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1409648DE7B4BF3AFF56E9594B41BAA2ED1CA9B2E4A49CFF16BFA66774DEAAA8
HistoryAug 08, 2018 - 4:13 a.m.

Security Bulletin: IBM Cloud Manager with Openstack DoS through IPv6 subnet vulnerability (CVE-2014-4167)

2018-08-0804:13:55
www.ibm.com
8

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

JSON

Summary

By creating an IPv6 private subnet attached to a L3 router, an authenticated user may break the L3-agent, preventing further floating IPv4 addresses from being attached for the entire cloud.

Vulnerability Details

CVE ID: CVE-2014-4167

**Description:**The OpenStack Neutron L3-agent is vulnerable to a denial of service attack. A malicious user may break the L3-agent, preventing further floating IPv4 addresses from being attached for the entire cloud. Only Neutron setups using IPv6 and L3-agent are affected.

CVSS Base Score: 4.0
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/93854&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Affected Products and Versions

Cloud Manager with OpenStack 4.1.0

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix| Required Action
—|—|—|—|—
Cloud Manager with OpenStack| 4.1.0| None| Cloud Manager with OpenStack 4.1.0.3 Fix Pack:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=4.1.0.2&platform=All&function=fixId&fixids=+4.1.0.3-IBM-CMWO-FP03+&includeSupersedes=0| Cloud Manager with OpenStack 4.1.0.3 Fix Pack:
http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400001884

Workarounds and Mitigations

Only IBM Cloud Manager with Openstack configurations using Neutron for networking and using IPv6 and the L3-agent are affected.

Related

prion 1
fedora 1
cve 1
openvas 2
debiancve 1
ubuntucve 1
nessus 2
veracode 1
redhat 1
ubuntu 1
securityvulns 1
prion
prion
Code injection
2014-07-11 14:55:00
fedora
fedora
[SECURITY] Fedora 20 Update: openstack-neutron-2013.2.3-9.fc20
2014-06-26 01:59:39
cve
cve
CVE-2014-4167
2014-07-11 14:55:00
openvas
openvas
Fedora Update for openstack-neutron FEDORA-2014-7446
2014-07-01 00:00:00
Ubuntu: Security Advisory (USN-2255-1)
2014-07-01 00:00:00
debiancve
debiancve
CVE-2014-4167
2014-07-11 14:55:00
ubuntucve
ubuntucve
CVE-2014-4167
2014-06-18 00:00:00
nessus
nessus
Fedora 20 : openstack-neutron-2013.2.3-9.fc20 (2014-7446)
2014-06-26 00:00:00
Ubuntu 14.04 LTS : OpenStack Neutron vulnerabilities (USN-2255-1)
2014-06-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:03:30
redhat
redhat
(RHSA-2014:0899) Moderate: openstack-neutron security, bug fix, and enhancement update
2014-07-17 00:00:00
ubuntu
ubuntu
OpenStack Neutron vulnerabilities
2014-06-25 00:00:00
securityvulns
securityvulns
OpenStack multiple security vulnerabilities
2014-06-19 00:00:00

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

JSON
Related for 1409648DE7B4BF3AFF56E9594B41BAA2ED1CA9B2E4A49CFF16BFA66774DEAAA8
prion1fedora1cve1openvas2debiancve1ubuntucve1nessus2veracode1redhat1ubuntu1securityvulns1