CVE-2021-40085
published 2021-08-31CVE-2021-40085: An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a…
PriorityP336medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
1.89%
77.0th percentile
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | neutron | < neutron 2:18.1.0-3 (bookworm) | neutron 2:18.1.0-3 (bookworm) |
| openstack | neutron | < 16.4.1 | 16.4.1 |
| openstack | neutron | >= 0 < 2:17.2.1-0+deb11u1 | 2:17.2.1-0+deb11u1 |
| openstack | neutron | >= 0 < 2:18.1.0-3 | 2:18.1.0-3 |
| openstack | neutron | >= 0 < 2:18.1.0-3 | 2:18.1.0-3 |
| openstack | neutron | >= 0 < 2:18.1.0-3 | 2:18.1.0-3 |
| openstack | neutron | >= 0 < 16.4.1 | 16.4.1 |
| openstack | neutron | >= 0 < 2:12.1.1-0ubuntu8.1 | 2:12.1.1-0ubuntu8.1 |
| openstack | neutron | >= 0 < 2:16.4.2-0ubuntu6.2 | 2:16.4.2-0ubuntu6.2 |
| openstack | neutron | >= 0 < 2:20.3.0-0ubuntu1.1 | 2:20.3.0-0ubuntu1.1 |
| openstack | neutron | >= 17.0.0 < 17.2.1 | 17.2.1 |
| openstack | neutron | >= 17.0.0 < 17.2.1 | 17.2.1 |
| openstack | neutron | >= 18.0.0 < 18.1.1 | 18.1.1 |
| openstack | neutron | >= 18.0.0 < 18.1.1 | 18.1.1 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
osv7.1HIGH
vendor_ubuntu7.1HIGH
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
neutron vulnerabilities
osv·2023-05-10·CVSS 7.1
CVE-2021-20267 [HIGH] neutron vulnerabilities
neutron vulnerabilities
David Sinquin discovered that OpenStack Neutron incorrectly handled the
default Open vSwitch firewall rules. An attacker could possibly use this
issue to impersonate the IPv6 addresses of other systems on the network.
This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2021-20267)
Jake Yip and Justin Mammarella discovered that OpenStack Neutron
incorrectly handled the linuxbridge driver when ebtables-nft is being
used. An attacker could possibly use this issue to impersonate the hardware
addresss of other systems on the network. This issue only affected Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-38598)
Pavel Toporkov discovered that OpenStack Neutron incorrectly handled
extra_dhcp_opts values. An attacker could possibly use this issue to
OSV
OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value
osv·2022-05-24
CVE-2021-40085 [HIGH] OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value
OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
GHSA
OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value
ghsa·2022-05-24
CVE-2021-40085 [HIGH] OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value
OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
OSV
CVE-2021-40085: An issue was discovered in OpenStack Neutron before 16
osv·2021-08-31·CVSS 6.5
CVE-2021-40085 [MEDIUM] CVE-2021-40085: An issue was discovered in OpenStack Neutron before 16
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
Ubuntu
OpenStack Neutron vulnerabilities
vendor_ubuntu·2023-05-10·CVSS 7.1
CVE-2021-20267 [HIGH] OpenStack Neutron vulnerabilities
Title: OpenStack Neutron vulnerabilities
Summary: Several security issues were fixed in OpenStack Neutron.
David Sinquin discovered that OpenStack Neutron incorrectly handled the
default Open vSwitch firewall rules. An attacker could possibly use this
issue to impersonate the IPv6 addresses of other systems on the network.
This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2021-20267)
Jake Yip and Justin Mammarella discovered that OpenStack Neutron
incorrectly handled the linuxbridge driver when ebtables-nft is being
used. An attacker could possibly use this issue to impersonate the hardware
addresss of other systems on the network. This issue only affected Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-38598)
Pavel Toporkov discovered that OpenStack Neutron incor
Red Hat
openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts
vendor_redhat·2021-08-31·CVSS 6.5
CVE-2021-40085 [MEDIUM] CWE-20 openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts
openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
An input-validation flaw was found in openstack-neutron, where an authenticated attacker could change the dnsmasq configuration. By crafting extra_dhcp_opts values, the attacker could crash the dnsmasq, change parameters for tenants sharing the same interface, or otherwise alter that daemon’s behavior. This flaw might also be used to trigger a configuration parsing buffer overflow in versions of dnsmasq prior to 2.81. The highest threat from this vulnerability is to system availability, but also threatens data confidentiality and
Debian
CVE-2021-40085: neutron - An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, ...
vendor_debian·2021·CVSS 6.5
CVE-2021-40085 [MEDIUM] CVE-2021-40085: neutron - An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, ...
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
Scope: local
bookworm: resolved (fixed in 2:18.1.0-3)
bullseye: resolved (fixed in 2:17.2.1-0+deb11u1)
forky: resolved (fixed in 2:18.1.0-3)
sid: resolved (fixed in 2:18.1.0-3)
trixie: resolved (fixed in 2:18.1.0-3)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2021/08/31/2https://launchpad.net/bugs/1939733https://lists.debian.org/debian-lts-announce/2021/10/msg00005.htmlhttps://lists.debian.org/debian-lts-announce/2022/05/msg00038.htmlhttps://security.openstack.org/ossa/OSSA-2021-005.htmlhttps://www.debian.org/security/2021/dsa-4983http://www.openwall.com/lists/oss-security/2021/08/31/2https://launchpad.net/bugs/1939733https://lists.debian.org/debian-lts-announce/2021/10/msg00005.htmlhttps://lists.debian.org/debian-lts-announce/2022/05/msg00038.htmlhttps://security.openstack.org/ossa/OSSA-2021-005.htmlhttps://www.debian.org/security/2021/dsa-4983
2021-08-31
Published