CVE-2014-7821

Impact:
Moderate
Public Date:
2014-11-19
CWE:
CWE-20
Bugzilla:
1163457: CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers
A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.

Find out more about CVE-2014-7821 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 4
Base Metrics AV:N/AC:L/Au:S/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 (openstack-neutron) RHSA-2014:1938 2014-12-02
Red Hat Enterprise Linux OpenStack Platform 4.0 (openstack-neutron) RHSA-2015:0044 2015-01-13
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 (openstack-neutron) RHSA-2014:1942 2014-12-02

Acknowledgements

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Henry Yamauchi, Charles Neill and Michael Xin (Rackspace) as the original reporters.
Last Modified