
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN432
_____________________________________________________________________

DATE                : 07/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running OpenStack Neutron versions prior to
                     16.4.1, 17.2.1, 18.1.1.

=====================================================================
https://security.openstack.org/ossa/OSSA-2021-005.html
_____________________________________________________________________


OSSA-2021-005: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts


Date

    August 31, 2021

CVE

    CVE-2021-40085

Affects

    Neutron: <16.4.1, >=17.0.0 <17.2.1, >=18.0.0 <18.1.1


Description

Pavel Toporkov reported a vulnerability in Neutron. By supplying a
specially crafted extra_dhcp_opts value, an authenticated user may add
arbitrary configuration to the dnsmasq process in order to crash the
service, change parameters for other tenants sharing the same interface,
or otherwise alter that daemon’s behavior. This vulnerability may also
be used to trigger a configuration parsing buffer overflow in versions
of dnsmasq prior to 2.81, which could lead to remote code execution. All
Neutron deployments are affected.
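
The following check is an added example, not part of the OpenStack
advisory or of Neutron: it tests an installed Neutron version against
the ranges in "Affects" above and a dnsmasq version against the 2.81
threshold from the description. The function names, return labels and
sample version strings are assumptions made for illustration.

```python
import re

# Ranges transcribed from the "Affects" line of this advisory:
# (inclusive lower bound or None, first fixed release).
AFFECTED_NEUTRON = [
    (None, (16, 4, 1)),
    ((17, 0, 0), (17, 2, 1)),
    ((18, 0, 0), (18, 1, 1)),
]
# The description ties the parsing overflow to dnsmasq "prior to 2.81".
DNSMASQ_FIXED = (2, 81, 0)

_VERSION = re.compile(r"\s*(?:\d+:)?(\d+(?:\.\d+)*)\.?((?:dev|rc|a|b)\d*)?")

def parse_version(text):
    """Return (numeric tuple padded to 3 parts, is_prerelease)."""
    # Accepts "17.2.1", "17.2.1.dev3" and package strings such as
    # "2:16.4.0-0ubuntu1" (epoch and revision are ignored).
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 3 and parts[-1] == 0:
        parts.pop()
    parts += [0] * (3 - len(parts))
    return tuple(parts), bool(m.group(2))

def _below(text, fixed):
    v, pre = parse_version(text)
    # A pre-release of the fixed version is treated as still unpatched.
    return v, (v < fixed or (pre and v == fixed))

def neutron_affected(version):
    for low, fixed in AFFECTED_NEUTRON:
        v, below = _below(version, fixed)
        if below and (low is None or v >= low):
            return True
    return False

def dnsmasq_overflow_exposed(version):
    return _below(version, DNSMASQ_FIXED)[1]

def assess(neutron_version, dnsmasq_version):
    """Summarise exposure for one host running the DHCP agent."""
    if not neutron_affected(neutron_version):
        return "neutron-fixed"
    if dnsmasq_overflow_exposed(dnsmasq_version):
        return "affected+dnsmasq-overflow"
    return "affected"
```

Distribution packages can carry a backported fix under an older version
number, so an "affected" result for a packaged build should be confirmed
against the vendor's own advisory.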


Patches

    https://review.opendev.org/806750 (Ussuri)

    https://review.opendev.org/806749 (Victoria)

    https://review.opendev.org/806748 (Wallaby)

    https://review.opendev.org/806746 (Xena)


Credits

    Pavel Toporkov (CVE-2021-40085)


References

    https://launchpad.net/bugs/1939733

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40085



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


