CVE-2015-3221

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.
Configurations

Configuration 1

OR cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:neutron:*:*:*:*:*:*:*:*

History

13 Feb 2023, 00:48

Type: References
Values Removed:
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1232284
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-3221
  • (MISC) https://access.redhat.com/errata/RHSA-2015:1680

Type: Summary
Values Removed: A Denial-of-Service flaw was found in the OpenStack Networking (neutron) L2 agent when using the iptables firewall driver. By submitting an address pair that is rejected as invalid by the ipset tool (with zero prefix size), an authenticated attacker can cause the L2 agent to crash.
Values Added: OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

02 Feb 2023, 16:16

Type: Summary
Values Removed: OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.
Values Added: A Denial-of-Service flaw was found in the OpenStack Networking (neutron) L2 agent when using the iptables firewall driver. By submitting an address pair that is rejected as invalid by the ipset tool (with zero prefix size), an authenticated attacker can cause the L2 agent to crash.

Type: References
Values Added:
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1232284
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-3221
  • (MISC) https://access.redhat.com/errata/RHSA-2015:1680

Information

Published : 2015-08-26 19:59

Updated : 2023-12-10 11:46


NVD link : CVE-2015-3221

Mitre link : CVE-2015-3221

CVE.ORG link : CVE-2015-3221



Products Affected

openstack

  • neutron
CWE
CWE-20

Improper Input Validation