CVE-2015-8914 – openstack-neutron: ICMPv6 source address spoofing vulnerability

https://notcve.org/view.php?id=CVE-2015-8914

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. El firewall IPTables en OpenStack Neutron en versiones anteriores a 7.0.4 y 8.0.0 hasta la versión 8.1.0 permite a atacantes remotos eludir un mecanismo destinado a la protección ICMPv6-spoofing y consecuentemente causar una denegación de servicio o interceptar tráfico de la red a través de de una dirección fuente local de enlace. Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests. • http://www.openwall.com/lists/oss-security/2016/06/10/5 http://www.openwall.com/lists/oss-security/2016/06/10/6 https://access.redhat.com/errata/RHSA-2016:1473 https://access.redhat.com/errata/RHSA-2016:1474 https://bugs.launchpad.net/neutron/+bug/1502933 https://review.openstack.org/#/c/300233 https://review.openstack.org/#/c/310648 https://review.openstack.org/#/c/310652 https://security.openstack.org/ossa/OSSA-2016-009.html https://access. • CWE-254: 7PK - Security Features •