CVE-2014-8153 Information

Description

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2 when using radvd 2.0+ allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.

Reference

http://lists.openstack.org/pipermail/openstack-announce/2015-January/000320.html http://www.securityfocus.com/bid/71961 https://bugs.launchpad.net/neutron/+bug/1398779 https://bugs.launchpad.net/neutron/+bug/1399172 https://bugzilla.redhat.com/show_bug.cgi?id=1169408