Vulnerability CVE-2014-8153

Vulnerability Name:

CVE-2014-8153 (CCN-100237)

Assigned:

2014-12-04

Published:

2014-12-04

Updated:

2015-01-16

Summary:

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.

CVSS v3 Severity:

3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2014-8153

Source: MLIST
Type: Vendor Advisory
[openstack-announce] 20150108 [OSSA 2015-001] L3 agent denial of service with radvd 2.0+ (CVE-2014-8153)

Source: CCN
Type: oss-security Mailing List, Thu, 08 Jan 2015 12:53:59 -0500
[OSSA 2015-001] L3 agent denial of service with radvd 2.0+ (CVE-2014-8153)

Source: BID
Type: UNKNOWN
71961

Source: CCN
Type: BID-71961
OpenStack Neutron CVE-2014-8153 Local Denial of Service Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugs.launchpad.net/neutron/+bug/1398779

Source: CCN
Type: OSSA 2015-001
L3 agent DoS vulnerability (CVE-2014-8153)

Source: CONFIRM
Type: UNKNOWN
https://bugs.launchpad.net/neutron/+bug/1399172

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1169408

Source: XF
Type: UNKNOWN
neutron-cve20148153-dos(100237)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-8153

Vulnerable Configuration:

Configuration 1:

cpe:/a:litech:router_advertisement_daemon:2.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:openstack:neutron:2014.2:*:*:*:*:*:*:*

OR cpe:/a:openstack:neutron:2014.2.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openstack:neutron:2014.2:*:*:*:*:*:*:*

OR cpe:/a:litech:router_advertisement_daemon:2.0:*:*:*:*:*:*:*

OR cpe:/a:openstack:neutron:2014.2.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20148153	V	CVE-2014-8153	2022-05-22
oval:org.opensuse.security:def:55239	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:5085	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:5072	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:55922	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:5745	P	Security update for jetty-minimal (Important)	2021-06-17
oval:org.opensuse.security:def:5063	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:5054	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:5723	P	Security update for snakeyaml (Important)	2021-06-07
oval:org.opensuse.security:def:5021	P	Security update for openldap2 (Moderate)	2021-01-14
oval:org.opensuse.security:def:11253	P	openstack-neutron-2014.2.2.dev26-3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4794	P	Security update for nginx (Moderate)	2020-12-02
oval:org.opensuse.security:def:4887	P	Security update for xen (Important)	2020-12-02
oval:org.opensuse.security:def:4921	P	Security update for skopeo (Moderate)	2020-12-02
oval:org.opensuse.security:def:4772	P	Security update for openssh (Important)	2020-12-02
oval:org.opensuse.security:def:4840	P	Security update for squid (Moderate)	2020-12-02
oval:org.opensuse.security:def:4764	P	Security update for ovmf (Moderate)	2020-12-02
oval:org.opensuse.security:def:4902	P	Security update for virt-bootstrap (Moderate)	2020-12-02
oval:org.opensuse.security:def:4996	P	Security update for php7 (Important)	2020-12-02
oval:org.opensuse.security:def:55756	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:56207	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:55077	P	coreutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56407	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:56519	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:55650	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:56315	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:55099	P	emacs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56481	P	Security update for libwpd (Important)	2020-12-01
oval:org.opensuse.security:def:55477	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:55076	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56600	P	Security update for libvirt (Moderate)	2020-12-01
oval:com.ubuntu.trusty:def:20148153000	V	CVE-2014-8153 on Ubuntu 14.04 LTS (trusty) - medium.	2015-01-15

BACK