Bugzilla – Bug 1189794
VUL-0: CVE-2021-40085: openstack-neutron: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts
Last modified: 2024-06-07 12:15:31 UTC
This is an advance warning of a vulnerability discovered in OpenStack, to give you, as downstream stakeholders, a chance to coordinate the release of fixes and reduce the vulnerability window. Please treat the following information as confidential until the proposed public disclosure date. Title: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts Reporter: Pavel Toporkov Products: Neutron Affects: <16.4.1, >=17.0.0 <17.2.1, >=18.0.0 <18.1.1 Description: Pavel Toporkov reported a vulnerability in Neutron. By supplying a specially crafted extra_dhcp_opts value, an authenticated user may add arbitrary configuration to the dnsmasq process in order to crash the service, change parameters for other tenants sharing the same interface, or otherwise alter that daemon's behavior. This vulnerability may also be used to trigger a configuration parsing buffer overflow in versions of dnsmasq prior to 2.81, which could lead to remote code execution. All Neutron deployments are affected. Proposed patch: See attached patches. Unless a flaw is discovered in them, these patches will be merged to their corresponding branches on the public disclosure date. CVE: CVE-2021-40085 Proposed public disclosure date/time: 2021-08-31, 1500UTC Please do not make the issue public (or release public patches) before this coordinated embargo date. Original private report: https://launchpad.net/bugs/1939733 For access to read and comment on this report, please reply to me with your Launchpad username and I will subscribe you. -- Jeremy Stanley
Created attachment 852031 [details] Upstream patches
This is now public, please @Jacek proceed with the submissions.
SUSE-SU-2022:1729-1: An update that solves 17 vulnerabilities, contains two features and has one errata is now available. Category: security (important) Bug References: 1118088,1179534,1184177,1186380,1189390,1189794,1192070,1192073,1192075,1193597,1193688,1193752,1194521,1194551,1194552,1194952,1194954,1199138 CVE References: CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-38155,CVE-2021-40085,CVE-2021-41182,CVE-2021-41183,CVE-2021-41184,CVE-2021-43813,CVE-2021-43818,CVE-2021-44716,CVE-2022-22815,CVE-2022-22816,CVE-2022-22817,CVE-2022-23451,CVE-2022-23452,CVE-2022-29970 JIRA References: SOC-11620,SOC-11621 Sources used: SUSE OpenStack Cloud Crowbar 9 (src): grafana-6.7.4-3.26.1, openstack-barbican-7.0.1~dev24-3.14.1, openstack-cinder-13.0.10~dev24-3.34.2, openstack-heat-gbp-14.0.1~dev4-3.9.1, openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1, openstack-ironic-11.1.5~dev18-3.28.2, openstack-keystone-14.2.1~dev9-3.28.2, openstack-neutron-13.0.8~dev206-3.40.1, openstack-neutron-gbp-14.0.1~dev33-3.31.1, python-Pillow-5.2.0-3.17.1, python-XStatic-jquery-ui-1.13.0.1-4.3.1, python-lxml-4.2.4-3.3.1, release-notes-suse-openstack-cloud-9.20220413-3.30.1, rubygem-sinatra-1.4.6-4.3.1 SUSE OpenStack Cloud 9 (src): ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1, grafana-6.7.4-3.26.1, openstack-barbican-7.0.1~dev24-3.14.1, openstack-cinder-13.0.10~dev24-3.34.2, openstack-heat-gbp-14.0.1~dev4-3.9.1, openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1, openstack-ironic-11.1.5~dev18-3.28.2, openstack-keystone-14.2.1~dev9-3.28.2, openstack-neutron-13.0.8~dev206-3.40.1, openstack-neutron-gbp-14.0.1~dev33-3.31.1, python-Pillow-5.2.0-3.17.1, python-XStatic-jquery-ui-1.13.0.1-4.3.1, python-lxml-4.2.4-3.3.1, release-notes-suse-openstack-cloud-9.20220413-3.30.1, venv-openstack-barbican-7.0.1~dev24-3.35.2, venv-openstack-cinder-13.0.10~dev24-3.38.1, venv-openstack-designate-7.0.2~dev2-3.35.1, venv-openstack-glance-17.0.1~dev30-3.33.1, venv-openstack-heat-11.0.4~dev4-3.35.1, venv-openstack-horizon-14.1.1~dev11-4.39.1, venv-openstack-ironic-11.1.5~dev18-4.33.1, venv-openstack-keystone-14.2.1~dev9-3.36.1, venv-openstack-magnum-7.2.1~dev1-4.35.1, venv-openstack-manila-7.4.2~dev60-3.41.1, venv-openstack-monasca-2.7.1~dev10-3.37.1, venv-openstack-monasca-ceilometer-1.8.2~dev3-3.35.1, venv-openstack-neutron-13.0.8~dev206-6.39.1, venv-openstack-nova-18.3.1~dev91-3.39.1, venv-openstack-octavia-3.2.3~dev7-4.35.1, venv-openstack-sahara-9.0.2~dev15-3.35.1, venv-openstack-swift-2.19.2~dev48-2.30.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1884-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1189794,1190339 CVE References: CVE-2021-40085,CVE-2021-40797 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 8 (src): openstack-neutron-11.0.9~dev69-3.43.1, openstack-neutron-doc-11.0.9~dev69-3.43.1 SUSE OpenStack Cloud 8 (src): openstack-neutron-11.0.9~dev69-3.43.1, openstack-neutron-doc-11.0.9~dev69-3.43.1 HPE Helion Openstack 8 (src): openstack-neutron-11.0.9~dev69-3.43.1, openstack-neutron-doc-11.0.9~dev69-3.43.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.