Bugzilla – Bug 935263
VUL-0: CVE-2015-3221: openstack-neutron: Neutron L2 agent DoS through incorrect allowed address pairs
Last modified: 2018-04-26 20:17:40 UTC
bugbot adjusting priority
is public now

===========================================================================
OSSA-2015-012: Neutron L2 agent DoS through incorrect allowed address pairs
===========================================================================

:Date: June 23, 2015
:CVE: CVE-2015-3221

Affects
~~~~~~~
- Neutron: 2014.2 versions through 2014.2.3 and 2015.1.0 version

Description
~~~~~~~~~~~
Darragh O'Reilly from HP reported a vulnerability in Neutron. By adding an address pair which is rejected as invalid by the ipset tool, an authenticated user may crash the Neutron L2 agent resulting in a denial of service attack. Neutron setups using the IPTables firewall driver are affected.

Patches
~~~~~~~
- https://review.openstack.org/194696 (Juno)
- https://review.openstack.org/194697 (Kilo)
- https://review.openstack.org/194695 (Liberty)

Credits
~~~~~~~
- Darragh O'Reilly from HP (CVE-2015-3221)

References
~~~~~~~~~~
- https://launchpad.net/bugs/1461054
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3221

Notes
~~~~~
- This fix will be included in future 2014.2.4 (juno) and 2015.1.1 (kilo) releases.
- Zero prefixed address pairs are no longer accepted by the Juno API, users need to use 0.0.0.0/1 and 128.0.0.1/1 or ::/1 and 8000::/1 instead. The fix_zero_length_ip_prefix.py tool is provided to clean ports previously configured with a zero prefixed address pair

--
Tristan Cacqueray
OpenStack Vulnerability Management Team
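An added example, not part of the advisory or of Neutron's code: a pre-check that flags allowed address pairs with a zero-length prefix and proposes the two /1 halves the advisory's Notes describe. The function names and the port dictionaries are hypothetical, constructed sample data, and treating prefix length 0 as the rejected form is an assumption based on those Notes.

```python
import ipaddress


def split_zero_prefix(cidr):
    """Return the CIDRs to keep for one allowed-address-pair ip_address.

    Non-zero prefixes come back unchanged. A zero-length prefix is replaced
    by its two /1 halves. Raises ValueError on unparsable input.
    """
    # strict=False: "10.1.2.3/0" still means "everything", so catch it too.
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen > 0:
        return [cidr]
    # ipaddress prints each half in network form.
    return [str(half) for half in net.subnets(prefixlen_diff=1)]


def audit_ports(ports):
    """List (port_id, ip_address, replacement) for every pair needing cleanup.

    replacement is None when the value cannot be parsed at all.
    """
    findings = []
    for port in ports:
        for pair in port.get("allowed_address_pairs", []):
            ip = pair["ip_address"]
            try:
                replacement = split_zero_prefix(ip)
            except ValueError:
                findings.append((port["id"], ip, None))
                continue
            if replacement != [ip]:
                findings.append((port["id"], ip, replacement))
    return findings


# Constructed sample ports (hypothetical ids), shaped like API port records.
SAMPLE_PORTS = [
    {"id": "port-a", "allowed_address_pairs": [
        {"ip_address": "10.0.0.0/24"}, {"ip_address": "0.0.0.0/0"}]},
    {"id": "port-b", "allowed_address_pairs": [
        {"ip_address": "::/0"}, {"ip_address": "192.168.1.7"}]},
    {"id": "port-c", "allowed_address_pairs": [
        {"ip_address": "10.1.2.3/0"}, {"ip_address": "not-an-ip"}]},
    {"id": "port-d"},
]

if __name__ == "__main__":
    for port_id, ip, replacement in audit_ports(SAMPLE_PORTS):
        print(port_id, ip, "->", replacement or "unparsable, reject")
```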
Fix is in S:M:945 without CVE mentions. As we probably don't want to stop this update for this, I already added them for next update.
(In reply to Vincent Untz from comment #10)
> Fix is in S:M:945 without CVE mentions. As we probably don't want to stop
> this update for this, I already added them for next update.

CVE mention added in mr#74049.
SUSE-SU-2015:1890-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (low)
Bug References: 935263,939691,943648,946882,948704
CVE References: CVE-2015-3221,CVE-2015-5240
Sources used:
SUSE OpenStack Cloud 5 (src): crowbar-barclamp-neutron-1.9+git.1443859419.95e948a-12.2, openstack-neutron-2014.2.4~a0~dev103-16.2, openstack-neutron-doc-2014.2.4~a0~dev103-16.4
SUSE-SU-2015:2220-1: An update that solves 5 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 927625,935017,935263,939691,942457,943648,944178,945923,948704,949070,949529
CVE References: CVE-2015-3221,CVE-2015-3241,CVE-2015-3280,CVE-2015-5240,CVE-2015-7713
Sources used:
SUSE OpenStack Cloud Compute 5 (src): openstack-neutron-2014.2.4~a0~dev103-10.3, openstack-nova-2014.2.4~a0~dev80-14.1, python-python-memcached-1.54-2.1
released