CVE-2021-40085
First published: Tue Aug 31 2021(Updated: )
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/neutron | 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1 2:17.2.1-0+deb11u1 2:21.0.0-7 2:23.0.0-2 | |
| debian/neutron | <=2:17.1.1-6<=2:18.1.0-2 | 2:18.1.0-3 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1 2:19.0.0~rc1-1 2:17.2.1-0+deb11u1 |
| OpenStack Neutron | <16.4.1 | |
| OpenStack Neutron | >=17.0.0<17.2.1 | |
| OpenStack Neutron | >=18.0.0<18.1.1 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| pip/neutron | >=18.0.0<18.1.1 | 18.1.1 |
| pip/neutron | >=17.0.0<17.2.1 | 17.2.1 |
| pip/neutron | <16.4.1 | 16.4.1 |
| <16.4.1 | ||
| >=17.0.0<17.2.1 | ||
| >=18.0.0<18.1.1 | ||
| =9.0 | ||
| =10.0 | ||
| =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.openwall.com/lists/oss-security/2021/08/31/2
- https://launchpad.net/bugs/1939733
- https://security-tracker.debian.org/tracker/CVE-2021-40085
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40085
- https://salsa.debian.org/openstack-team/services/neutron/-/commit/b4ddfab9af3d87809eb17502d0c2bf9d3bf4dc33
- https://bugs.debian.org/993398
- https://salsa.debian.org/openstack-team/services/neutron/-/commit/8a70539dc9afdb80b2f0aac4f8e44e784729c6ab
- https://salsa.debian.org/openstack-team/services/neutron/-/commit/efe0b21d0ebe8e36c8773076a3c347ca5478665e
- https://salsa.debian.org/openstack-team/services/neutron/-/commit/d10f649abf34ab9b85080667b448eb27fb2d96c2
- https://salsa.debian.org/openstack-team/services/neutron/-/commit/ffe208b6bd1e9840764b7568cf17200949de8959
- https://security-tracker.debian.org/tracker/CVE-2019-1087
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993398
- http://www.openwall.com/lists/oss-security/2021/08/31/2
- https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html
- https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html
- https://security.openstack.org/ossa/OSSA-2021-005.html
- https://www.debian.org/security/2021/dsa-4983
- https://nvd.nist.gov/vuln/detail/CVE-2021-40085
- https://github.com/openstack/neutron/commit/df891f0593d234e01f27d7c0376d9702e178ecfb
- https://github.com/advisories/GHSA-fh73-gjvg-349c (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-361.yaml
Frequently Asked Questions
What is CVE-2021-40085?
CVE-2021-40085 is a vulnerability discovered in OpenStack Neutron that allows authenticated attackers to reconfigure dnsmasq via a crafted extra_dhcp_opts value.
How can the CVE-2021-40085 vulnerability be exploited?
The CVE-2021-40085 vulnerability can be exploited by authenticated attackers who can manipulate the extra_dhcp_opts value to reconfigure dnsmasq.
What is the severity of CVE-2021-40085?
The severity of CVE-2021-40085 is medium, with a severity value of 6.5.
Which versions of OpenStack Neutron are affected by CVE-2021-40085?
OpenStack Neutron versions before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1 are affected by CVE-2021-40085.
How can I fix the CVE-2021-40085 vulnerability?
To fix the CVE-2021-40085 vulnerability, update your OpenStack Neutron to version 16.4.1, 17.2.1, or 18.1.1.
- collector/security-tracker-debian
- collector/debian-bugs
- alias/CVE-2021-40085
- collector/nvd-index
- agent/type
- agent/remedy
- agent/severity
- agent/description
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-fh73-gjvg-349c
- agent/references
- agent/last-modified-date
- agent/tags
- collector/github-advisory
- agent/trending
- package-manager/debian
- vendor/openstack
- canonical/openstack neutron
- version/openstack neutron/17.0.0
- version/openstack neutron/18.0.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- package-manager/pip