Vulnerability in Openstack Neutron

CVE-2014-4167

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 r…

EPSS: 0.006 (70.6th percentile) — read the EPSS interpretation.

Affected products

Openstack Neutron — versions 2014.1, 2014.1.1
Canonical Ubuntu_linux — versions 13.10, 14.04
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

cve@mitre.org (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
[oss-security] 20140618 [OSSA 2014-019] Neutron L3-agent DoS through IPv6 subnet (CVE-2014-4167) (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
59533 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
USN-2255-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)