Date: Tue, 28 Jul 2015 17:01:11 +0100
From: Kiall Mac Innes <kiall@...innes.ie>
To: oss-security@...ts.openwall.com
Subject: CVE Request - OpenStack Designate mDNS DoS through incorrect handling
 of large RecordSets

Hi,

Can I please have a CVE assigned for the following issue:

Launchpad Number: 1471161
CVE: TBA
Date: July 28, 2015
Title: Designate mDNS DoS through incorrect handling of large RecordSets
Reporter: Florian Weimer (Red Hat)
Products: Designate
Versions: 2015.1.0 through 1.0.0.0b1

Description:
Florian Weimer from Red Hat reported a vulnerability in Designate.
By creating a single RecordSet that exceeds the configured max allowed
DNS packet size, an authenticated user may cause the Designate mDNS
service to enter an infinite loop, triggering a DoS.

Liberty (development branch) fix:
https://review.openstack.org/206578

Kilo fix:
https://review.openstack.org/206580

Notes:
This fix will be included in a future 1.0.0.0b2 release.

References:
https://launchpad.net/bugs/1471161
http://lists.openstack.org/pipermail/openstack/2015-July/013548.html

-- Kiall Mac Innes, OpenStack Designate PTL
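
The failure class described in the advisory, as an added example that is not part of the original message and is not Designate's code: a packer that splits RecordSets into size-limited DNS messages stops making progress when one RecordSet alone exceeds the limit, and a pre-check restores termination. The flush-and-retry loop structure, the function names, the `spin_limit` demo guard and the sample sizes are all assumptions made for illustration.

```python
HEADER_SIZE = 12  # fixed DNS message header length in bytes


class OversizeRecordSet(ValueError):
    """One RecordSet alone is larger than a whole message."""


def pack_naive(recordsets, max_size, spin_limit=1000):
    """Flush-and-retry packer with no oversize check (the failure pattern).

    spin_limit exists only so this demo stops; None is returned when the
    loop has stopped making progress.
    """
    messages, current, used, i, spins = [], [], HEADER_SIZE, 0, 0
    while i < len(recordsets):
        spins += 1
        if spins > spin_limit:
            return None  # without the guard this would never return
        name, size = recordsets[i]
        if used + size > max_size:
            messages.append(current)  # flush, possibly an empty message
            current, used = [], HEADER_SIZE
            continue  # retry the same RecordSet in a fresh message
        current.append(name)
        used += size
        i += 1
    return messages + ([current] if current else [])


def pack_checked(recordsets, max_size):
    """Same packing, but a RecordSet that can never fit is rejected."""
    messages, current, used = [], [], HEADER_SIZE
    for name, size in recordsets:
        if HEADER_SIZE + size > max_size:
            raise OversizeRecordSet(f"{name}: {size} > {max_size - HEADER_SIZE}")
        if used + size > max_size:
            messages.append(current)
            current, used = [], HEADER_SIZE
        current.append(name)  # guaranteed to fit after the checks above
        used += size
    return messages + ([current] if current else [])


# Constructed sample data: (RecordSet name, wire size in bytes).
SAMPLE_OK = [("a.example.", 300), ("b.example.", 300), ("c.example.", 100)]
SAMPLE_BIG = SAMPLE_OK + [("huge.example.", 900)]
```

With a 512-byte limit both functions agree on `SAMPLE_OK`; on `SAMPLE_BIG` the naive packer spins until the demo guard trips, while the checked packer raises `OversizeRecordSet`.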
