CVE-2014-4167
Published 2014-07-11
CVE-2014-4167: The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of…
Priority P4 · 13 · low · 3.5 · CVSS 2.0
AV:N/AC:M/Au:S/C:N/I:N/A:P
EPSS: 1.66% (73.7th percentile)
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | neutron | < neutron 2014.1.1-1 (bookworm) | neutron 2014.1.1-1 (bookworm) |
| openstack | neutron | — | — |
| openstack | neutron | — | — |
| openstack | neutron | >= 0 < 2014.1.1-1 | 2014.1.1-1 |
| openstack | neutron | >= 0 < 2014.1.1-1 | 2014.1.1-1 |
| openstack | neutron | >= 0 < 2014.1.1-1 | 2014.1.1-1 |
| openstack | neutron | >= 0 < 2014.1.1-1 | 2014.1.1-1 |
| openstack | neutron | >= 0 < 1:2014.1-0ubuntu1.3 | 1:2014.1-0ubuntu1.3 |
| openstack | neutron | 2011.1 – 2013.2.3 | — |
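CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P |
| osv | — | 7.6 | HIGH | — |
| vendor_ubuntu | — | 7.6 | HIGH | — |
| vendor_debian | — | 3.5 | LOW | — |
| vendor_redhat | — | 3.5 | LOW | — |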
Ubuntu
OpenStack Neutron vulnerabilities
vendor_ubuntu·2014-06-25·CVSS 7.6
CVE-2013-6433 [HIGH] OpenStack Neutron vulnerabilities
Title: OpenStack Neutron vulnerabilities
Summary: Several security issues were fixed in OpenStack Neutron.
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron
did not properly set up its sudo configuration. If a different flaw was
found in OpenStack Neutron, this vulnerability could be used to escalate
privileges. (CVE-2013-6433)
Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in
OpenStack Neutron did not properly perform input validation when creating
security group rules when specifying --remote-ip-prefix. A remote
authenticated attacker could exploit this to prevent application of
additional rules. (CVE-2014-0187)
Thiago Martins discovered that OpenStack Neutron would inappropriately
apply SNAT rules to IPv6 subnets when using the L3-agen
Red Hat
openstack-neutron: L3-agent denial of service through IPv6 subnet
vendor_redhat·2014-04-17·CVSS 3.5
CVE-2014-4167 [LOW] openstack-neutron: L3-agent denial of service through IPv6 subnet
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
Package: openstack-neutron (Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)) - Affected
Debian
CVE-2014-4167: neutron - The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and J...
vendor_debian·2014·CVSS 3.5
CVE-2014-4167 [LOW] CVE-2014-4167: neutron - The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and J...
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
Scope: local
bookworm: resolved (fixed in 2014.1.1-1)
bullseye: resolved (fixed in 2014.1.1-1)
forky: resolved (fixed in 2014.1.1-1)
sid: resolved (fixed in 2014.1.1-1)
trixie: resolved (fixed in 2014.1.1-1)
GHSA
GHSA-r7cp-gqhf-qm59: The L3-agent in OpenStack Neutron before 2013
ghsa_unreviewed·2022-05-14
CVE-2014-4167 [LOW] GHSA-r7cp-gqhf-qm59: The L3-agent in OpenStack Neutron before 2013
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
OSV
CVE-2014-4167: The L3-agent in OpenStack Neutron before 2013
osv·2014-07-11·CVSS 3.5
CVE-2014-4167 [LOW] CVE-2014-4167: The L3-agent in OpenStack Neutron before 2013
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
OSV
neutron vulnerabilities
osv·2014-06-25·CVSS 7.6
CVE-2013-6433 [HIGH] neutron vulnerabilities
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron
did not properly set up its sudo configuration. If a different flaw was
found in OpenStack Neutron, this vulnerability could be used to escalate
privileges. (CVE-2013-6433)
Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in
OpenStack Neutron did not properly perform input validation when creating
security group rules when specifying --remote-ip-prefix. A remote
authenticated attacker could exploit this to prevent application of
additional rules. (CVE-2014-0187)
Thiago Martins discovered that OpenStack Neutron would inappropriately
apply SNAT rules to IPv6 subnets when using the L3-agent. A remote
authenticated attacker could exploit this to prevent floating IPv4
addre
No detection rules found.
No public exploits indexed.
http://seclists.org/oss-sec/2014/q2/572
http://secunia.com/advisories/59533
http://www.ubuntu.com/usn/USN-2255-1
https://bugs.launchpad.net/neutron/+bug/1309195