radvd >= 2.0 blocks router update processing

Bug #1410811 reported by Alexander Ignatov
Affects             Status         Importance  Assigned to         Milestone
Mirantis OpenStack  Fix Committed  High        Alexander Ignatov
6.0.x               Fix Released   High        Denis Meltsaykin
6.1.x               Fix Released   High        Alexander Ignatov

Bug Description

This is [pre-OSSA] Vulnerability in OpenStack Neutron (CVE-2014-8153)

Original bug: https://bugs.launchpad.net/neutron/+bug/1398779

========================================================

In radvd 2.0+, daemonization code was rewritten, switching from libdaemon's daemon_fork() to Linux daemon() call.

If no logging method (-m option) is passed to radvd, and the default logging method is used (which is L_STDERR_SYSLOG), then daemon() is called with (1, 1) arguments, meaning no chroot (fine) and not closing stderr (left there for logging) (not fine). So execute() call that spawns radvd and expects it to daemonize and return code never actually completes, blocked on stderr.

The fix is to pass e.g. -m syslog to radvd to make it close stderr and return.
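
The blocking behaviour described in this report, reproduced as an added example (not code from Neutron or radvd): a constructed stand-in daemon forks and exits, and a caller that captures stderr through a pipe gets control back only once the background process no longer holds that pipe. `FAKE_DAEMON`, `spawn_and_wait` and the mode names are hypothetical, and the pipe-capturing caller is an assumption about how the spawning helper collects output.

```python
import subprocess
import sys
import textwrap

# Constructed stand-in for a daemonizing program (hypothetical, not radvd):
# the launcher exits at once, the forked child keeps running in the background.
FAKE_DAEMON = textwrap.dedent("""
    import os, sys, time
    if os.fork() > 0:
        os._exit(0)                      # launcher returns to its caller at once
    os.setsid()
    null = os.open(os.devnull, os.O_RDWR)
    os.dup2(null, 0)
    os.dup2(null, 1)
    if sys.argv[1] == "close":           # like daemon() with noclose == 0
        os.dup2(null, 2)                 # "keep" leaves the inherited stderr open
    time.sleep(float(sys.argv[2]))       # background process stays alive
""")


def spawn_and_wait(stderr_mode, timeout=2.0, lifetime=5.0):
    """Spawn the fake daemon with stdout/stderr captured through pipes.

    Returns (completed, launcher_exit_code). completed is False when the
    caller was still blocked reading the pipes after `timeout` seconds.
    """
    proc = subprocess.Popen(
        [sys.executable, "-c", FAKE_DAEMON, stderr_mode, str(lifetime)],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    try:
        # communicate() reads both pipes until EOF, and EOF only arrives when
        # every process holding the write end has closed it.
        proc.communicate(timeout=timeout)
        completed = True
    except subprocess.TimeoutExpired:
        completed = False
        proc.stdout.close()
        proc.stderr.close()
    # The launcher itself has exited in both cases, so its code is available.
    return completed, proc.poll()


if __name__ == "__main__":
    for mode in ("keep", "close"):
        done, rc = spawn_and_wait(mode)
        print(f"stderr={mode}: launcher rc={rc}, caller returned={done}")
```

In the "keep" case the launcher's exit code is already 0 while the caller is still waiting, which is why a timeout on the spawning call is a useful safeguard alongside the `-m syslog` fix.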

Alexander Ignatov (aignatov) wrote :

Fix is not applicable for 5.x versions since there was no radvd tool

Changed in mos:
status: Fix Committed → In Progress
Alexander Ignatov (aignatov) wrote :
information type: Private Security → Public Security
tags: added: feature-security
This report contains Public Security information  
Everyone can see this security related information.