CVE-2014-7821

openstack-neutron: DoS via maliciously crafted dns_nameservers

Severity Score

4.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

OpenStack Neutron anterior a 2014.1.4 y 2014.2.x anterior a 2014.2.1 permite a usuarios remotos autenticados causar una denegación de servicio (caída) a través de un valor dns_nameservers manipulado en la configuración DNS.

A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.

*Credits: N/A

CVSS Scores

NISTv2 4.0

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-10-03 CVE Reserved
2014-11-24 CVE Published
2024-07-06 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-399: Resource Management Errors

CAPEC

References (11)

URL	Tag	Source
http://secunia.com/advisories/62586	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html	Third Party Advisory
https://bugs.launchpad.net/neutron/+bug/1378450	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/98818	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html	2023-02-13

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2014-1938.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2014-1942.html	2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-0044.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2014-7821	2015-01-13
https://bugzilla.redhat.com/show_bug.cgi?id=1163457	2015-01-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Neutron Search vendor "Openstack" for product "Neutron"				>= 2012.2.1 < 2014.1.4 Search vendor "Openstack" for product "Neutron" and version " >= 2012.2.1 < 2014.1.4"		-		Affected
Openstack Search vendor "Openstack"		Neutron Search vendor "Openstack" for product "Neutron"				>= 2014.2 < 2014.2.1 Search vendor "Openstack" for product "Neutron" and version " >= 2014.2 < 2014.2.1"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				20 Search vendor "Fedoraproject" for product "Fedora" and version "20"		-		Affected
Redhat Search vendor "Redhat"		Openstack Search vendor "Redhat" for product "Openstack"				4.0 Search vendor "Redhat" for product "Openstack" and version "4.0"		-		Affected