[Yahoo-eng-team] [Bug 1378450] Re: [OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron (CVE-2014-7821)

Adam Gandelman Thu, 09 Apr 2015 12:01:25 -0700

** Changed in: neutron/juno
   Importance: Undecided => High

** Changed in: neutron/juno
       Status: Fix Released => Fix Committed


** Changed in: neutron/juno
    Milestone: 2014.2.1 => 2014.2.3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1378450

Title:
  [OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron
  (CVE-2014-7821)

Status in OpenStack Neutron (virtual network service):
  Fix Released
Status in neutron icehouse series:
  Fix Committed
Status in neutron juno series:
  Fix Committed
Status in OpenStack Security Advisories:
  Fix Released

Bug description:
  The following request body will crash neutron nodes.

  {"subnet": {"network_id": "2aeb163a-a415-4568-bb9e-9c0ac93d54e4", 
"ip_version": 4, 
  "cidr": "192.168.1.3/16", 
  "dns_nameservers": 
["111111111111111111111111111111111111111111111111111111111111"]}}

  Even strace stops logging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1378450/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1378450] Re: [OSSA 2014-039] Maliciously crafted dns_nameservers will crash neutron (CVE-2014-7821)

Reply via email to