CVE-2015-8914
critical
CVSS v3: 9.1
CVSS v2: 6.4
VIR risk: 9.1
Description
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.
Predictions
Exploit likelihood: 94%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-8914
Vendor advisory: secalert@redhat.com — https://security.openstack.org/ossa/OSSA-2016-009.html
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2015-8914.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
| debian | bookworm | fixed | 2:8.1.2-1 |
| debian | bullseye | fixed | 2:8.1.2-1 |
| debian | forky | fixed | 2:8.1.2-1 |
| debian | sid | fixed | 2:8.1.2-1 |
| debian | trixie | fixed | 2:8.1.2-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| openstack | neutron | >= 7.0.0, < 7.0.4 | 7.0.4 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-8914
- https://access.redhat.com/errata/RHSA-2016:1473
- https://access.redhat.com/errata/RHSA-2016:1474
- https://bugs.launchpad.net/neutron/+bug/1502933
- https://github.com/openstack/neutron
- https://review.openstack.org/#/c/300233
- https://review.openstack.org/#/c/310648
- https://review.openstack.org/#/c/310652
- https://security.openstack.org/ossa/OSSA-2016-009.html
- http://www.openwall.com/lists/oss-security/2016/06/10/5
- http://www.openwall.com/lists/oss-security/2016/06/10/6
- https://www.suse.com/security/cve/CVE-2015-8914.html
- https://security-tracker.debian.org/tracker/CVE-2015-8914
CWEs
CWE-254