CVE-2014-3555
Published 2014-07-23
Priority: P4 · 15 · medium · 4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS: 2.21% (80.4th percentile)
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | neutron | < neutron 2014.1.1-3 (bookworm) | neutron 2014.1.1-3 (bookworm) |
| openstack | neutron | — | — |
| openstack | neutron | — | — |
| openstack | neutron | — | — |
| openstack | neutron | — | — |
| openstack | neutron | >= 0 < 2014.1.1-3 | 2014.1.1-3 |
| openstack | neutron | >= 0 < 2014.1.1-3 | 2014.1.1-3 |
| openstack | neutron | >= 0 < 2014.1.1-3 | 2014.1.1-3 |
| openstack | neutron | >= 0 < 2014.1.1-3 | 2014.1.1-3 |
| openstack | neutron | >= 0 < 2013.2.4 | 2013.2.4 |
| openstack | neutron | >= 0 < 1:2014.1.2-0ubuntu1.1 | 1:2014.1.2-0ubuntu1.1 |
| openstack | neutron | >= 2014.1.0 < 2014.1.2 | 2014.1.2 |
CVSS provenance
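| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 4.0 | MEDIUM | |
| vendor_debian | | 4.0 | MEDIUM | |
| vendor_redhat | | 4.0 | MEDIUM | |
| vendor_ubuntu | | 4.0 | MEDIUM | |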
GHSA
OpenStack Neutron allows remote authenticated users to cause a denial of service
ghsa·2022-05-17
CVE-2014-3555 [MEDIUM] OpenStack Neutron allows remote authenticated users to cause a denial of service
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
OSV
neutron vulnerabilities
osv·2014-08-21·CVSS 4.0
CVE-2014-3555 [MEDIUM] neutron vulnerabilities
Liping Mao discovered that OpenStack Neutron did not properly handle
requests for a large number of allowed address pairs. A remote
authenticated attacker could exploit this to cause a denial of service.
(CVE-2014-3555)
Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain
tokens. An attacker could possibly use this issue to obtain authentication
tokens used in REST requests. (CVE-2014-4615)
OSV
CVE-2014-3555: OpenStack Neutron before 2013
osv·2014-07-23·CVSS 4.0
CVE-2014-3555 [MEDIUM] CVE-2014-3555: OpenStack Neutron before 2013
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
Ubuntu
OpenStack Neutron vulnerabilities
vendor_ubuntu·2014-08-21·CVSS 4.0
CVE-2014-3555 [MEDIUM] OpenStack Neutron vulnerabilities
Title: OpenStack Neutron vulnerabilities
Summary: OpenStack Neutron could be made to expose sensitive information or crash.
Liping Mao discovered that OpenStack Neutron did not properly handle
requests for a large number of allowed address pairs. A remote
authenticated attacker could exploit this to cause a denial of service.
(CVE-2014-3555)
Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain
tokens. An attacker could possibly use this issue to obtain authentication
tokens used in REST requests. (CVE-2014-4615)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
openstack-neutron: Denial of Service in Neutron allowed address pair
vendor_redhat·2014-07-21·CVSS 4.0
CVE-2014-3555 [MEDIUM] CWE-400 openstack-neutron: Denial of Service in Neutron allowed address pair
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
A denial of service flaw was found in neutron's handling of allowed address pairs. As there was no enforced quota on the amount of allowed address pairs, a sufficiently authorized user could possibly create a large number of firewall rules, impacting performance or potentially rendering a compute node unusable.
Debian
CVE-2014-3555: neutron - OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-...
vendor_debian·2014·CVSS 4.0
CVE-2014-3555 [MEDIUM] CVE-2014-3555: neutron - OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-...
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
Scope: local
bookworm: resolved (fixed in 2014.1.1-3)
bullseye: resolved (fixed in 2014.1.1-3)
forky: resolved (fixed in 2014.1.1-3)
sid: resolved (fixed in 2014.1.1-3)
trixie: resolved (fixed in 2014.1.1-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-3555 openstack-neutron: Denial of Service in Neutron allowed address pair [fedora-20]
bugzilla·2014-07-23·CVSS 4.0
CVE-2014-3555 [MEDIUM] CVE-2014-3555 openstack-neutron: Denial of Service in Neutron allowed address pair [fedora-20]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
fedora-20 tracking bug for openstack-ne
Bugzilla
CVE-2014-3555 openstack-neutron: Denial of Service in Neutron allowed address pair
bugzilla·2014-07-11·CVSS 4.0
CVE-2014-3555 [MEDIUM] CVE-2014-3555 openstack-neutron: Denial of Service in Neutron allowed address pair
The OpenStack project reports:
Title: Denial of Service in Neutron allowed address pair
Reporter: Liping Mao (Cisco)
Products: Neutron
Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1
Description:
Liping Mao from Cisco reported a denial of service vulnerability in
Neutron's handling of allowed address pair. By creating a large number
of allowed address pairs, an authenticated user may overwhelm neutron
firewall rules and render compute nodes unusable. All Neutron setups are
affected.
Discussion:
Acknowledgements:
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Liping Mao from Cisco as the original reporter.
---
Created attachment 917901
ma
http://lists.openstack.org/pipermail/openstack-announce/2014-July/000255.html
http://rhn.redhat.com/errata/RHSA-2014-1119.html
http://rhn.redhat.com/errata/RHSA-2014-1120.html
http://seclists.org/oss-sec/2014/q3/200
http://secunia.com/advisories/60766
http://secunia.com/advisories/60804
http://www.securityfocus.com/bid/68765
https://bugs.launchpad.net/neutron/+bug/1336207