Vulnerability Description
The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Neutron | >= 2011.1, <= 2013.2.3 |
| Canonical | Ubuntu Linux | 13.10 |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2014/q2/572Mailing ListThird Party Advisory
- http://secunia.com/advisories/59533Permissions Required
- http://www.ubuntu.com/usn/USN-2255-1Third Party Advisory
- https://bugs.launchpad.net/neutron/+bug/1309195Issue TrackingVendor Advisory
- http://seclists.org/oss-sec/2014/q2/572Mailing ListThird Party Advisory
- http://secunia.com/advisories/59533Permissions Required
- http://www.ubuntu.com/usn/USN-2255-1Third Party Advisory
- https://bugs.launchpad.net/neutron/+bug/1309195Issue TrackingVendor Advisory
FAQ
What is CVE-2014-4167?
CVE-2014-4167 is a vulnerability with a CVSS score of 3.5 (LOW). The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by att...
How severe is CVE-2014-4167?
CVE-2014-4167 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4167?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Neutron, Canonical Ubuntu Linux.