VAR-201501-0448
Vulnerability from variot - Updated: 2023-12-18 13:39The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each. OpenStack Neutron is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. OpenStack is a cloud platform management project jointly developed by the National Aeronautics and Space Administration (National Aeronautics and Space Administration) and Rackspace Corporation of the United States. Neutron is one of the network components that provides Network as a Service (NaaS), which can create a network between OpenStack services, connect network devices to the grid, and more. A security vulnerability exists in the L3 agent of OpenStack Neutron version 2014.2 and 2014.2.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0448",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "neutron",
"scope": "eq",
"trust": 1.9,
"vendor": "openstack",
"version": "2014.2"
},
{
"model": "neutron",
"scope": "eq",
"trust": 1.6,
"vendor": "openstack",
"version": "2014.2.1"
},
{
"model": "router advertisement daemon",
"scope": "eq",
"trust": 1.0,
"vendor": "litech",
"version": "2.0"
},
{
"model": "router advertisement daemon",
"scope": "eq",
"trust": 0.8,
"vendor": "litech design",
"version": "2.0+"
},
{
"model": "neutron",
"scope": "eq",
"trust": 0.8,
"vendor": "openstack",
"version": "2014.2.2"
},
{
"model": "neutron",
"scope": "lt",
"trust": 0.8,
"vendor": "openstack",
"version": "2014.2.x"
},
{
"model": "neutron",
"scope": "eq",
"trust": 0.3,
"vendor": "openstack",
"version": "2014.1.2"
}
],
"sources": [
{
"db": "BID",
"id": "71961"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007685"
},
{
"db": "NVD",
"id": "CVE-2014-8153"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-209"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:litech:router_advertisement_daemon:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2014.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:neutron:2014.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8153"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ihar Hrachyshka from Red Hat",
"sources": [
{
"db": "BID",
"id": "71961"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-209"
}
],
"trust": 0.9
},
"cve": "CVE-2014-8153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-8153",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-76098",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8153",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-209",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-76098",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76098"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007685"
},
{
"db": "NVD",
"id": "CVE-2014-8153"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-209"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each. OpenStack Neutron is prone to a local denial-of-service vulnerability. \nAttackers can exploit this issue to cause denial-of-service conditions. OpenStack is a cloud platform management project jointly developed by the National Aeronautics and Space Administration (National Aeronautics and Space Administration) and Rackspace Corporation of the United States. Neutron is one of the network components that provides Network as a Service (NaaS), which can create a network between OpenStack services, connect network devices to the grid, and more. A security vulnerability exists in the L3 agent of OpenStack Neutron version 2014.2 and 2014.2.1",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8153"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007685"
},
{
"db": "BID",
"id": "71961"
},
{
"db": "VULHUB",
"id": "VHN-76098"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8153",
"trust": 2.8
},
{
"db": "BID",
"id": "71961",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007685",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-209",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-76098",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76098"
},
{
"db": "BID",
"id": "71961"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007685"
},
{
"db": "NVD",
"id": "CVE-2014-8153"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-209"
}
]
},
"id": "VAR-201501-0448",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76098"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:39:19.551000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug #1398779",
"trust": 0.8,
"url": "https://bugs.launchpad.net/neutron/+bug/1398779"
},
{
"title": "Bug #1399172",
"trust": 0.8,
"url": "https://bugs.launchpad.net/neutron/+bug/1399172"
},
{
"title": "Bug 1169408",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169408"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007685"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76098"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007685"
},
{
"db": "NVD",
"id": "CVE-2014-8153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://bugs.launchpad.net/neutron/+bug/1399172"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/71961"
},
{
"trust": 1.7,
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-january/000320.html"
},
{
"trust": 1.7,
"url": "https://bugs.launchpad.net/neutron/+bug/1398779"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8153"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8153"
},
{
"trust": 0.3,
"url": "http://www.openstack.org"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180469 "
},
{
"trust": 0.3,
"url": "https://review.openstack.org/#/c/141575/"
},
{
"trust": 0.3,
"url": "https://review.openstack.org/#/c/138688/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76098"
},
{
"db": "BID",
"id": "71961"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007685"
},
{
"db": "NVD",
"id": "CVE-2014-8153"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-209"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-76098"
},
{
"db": "BID",
"id": "71961"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007685"
},
{
"db": "NVD",
"id": "CVE-2014-8153"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-209"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-76098"
},
{
"date": "2015-01-08T00:00:00",
"db": "BID",
"id": "71961"
},
{
"date": "2015-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007685"
},
{
"date": "2015-01-15T15:59:08.607000",
"db": "NVD",
"id": "CVE-2014-8153"
},
{
"date": "2015-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-209"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-16T00:00:00",
"db": "VULHUB",
"id": "VHN-76098"
},
{
"date": "2015-01-08T00:00:00",
"db": "BID",
"id": "71961"
},
{
"date": "2015-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007685"
},
{
"date": "2015-01-16T00:37:24.223000",
"db": "NVD",
"id": "CVE-2014-8153"
},
{
"date": "2015-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-209"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenStack Neutron of L3 Service disruption in agents (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007685"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-209"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…