Date: Tue, 28 Jul 2015 17:01:11 +0100
From: Kiall Mac Innes <kiall@...innes.ie>
To: oss-security@...ts.openwall.com
Subject: CVE Request - OpenStack Designate mDNS DoS through incorrect handling
 of large RecordSets

Hi,

Can I please have a CVE assigned for the following issue:

Launchpad Number: 1471161
CVE: TBA
Date: July 28, 2015
Title: Designate mDNS DoS through incorrect handling of large RecordSets
Reporter: Florian Weimer (Red Hat)
Products: Designate
Versions: 2015.1.0 through 1.0.0.0b1

Description:
Florian Weimer from Red Hat reported a vulnerability in Designate.
By creating a single RecordSet that exceeds the configured max allowed
DNS packet size, an authenticated user may cause the Designate mDNS
service to enter an infinite loop, triggering a DoS.

Liberty (development branch) fix:
https://review.openstack.org/206578

Kilo fix:
https://review.openstack.org/206580

Notes:
This fix will be included in a future 1.0.0.0b2 release.

References:
https://launchpad.net/bugs/1471161
http://lists.openstack.org/pipermail/openstack/2015-July/013548.html

-- Kiall Mac Innes, OpenStack Designate PTL
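
The bug class described in the message above, as an added illustration that is not part of the original e-mail and is not Designate's code or its fix. The size model, the function names and the choice to reject the oversized RecordSet are all assumptions; `step_limit` exists only so the unguarded loop terminates in the demo.

```python
HEADER_LEN = 12  # fixed DNS message header, in bytes


class RecordSetTooLarge(Exception):
    """A single RecordSet cannot fit in one message of the configured size."""


def rrset_len(rrset):
    # Constructed size model: a RecordSet is a list of already-encoded records.
    return sum(len(r) for r in rrset)


def pack_naive(rrsets, max_size, step_limit=100):
    """Flush-and-retry loop with no progress check (the bug class).

    step_limit exists only so this demo terminates; returns None when hit.
    """
    messages, current, used, i, steps = [], [], HEADER_LEN, 0, 0
    while i < len(rrsets):
        steps += 1
        if steps > step_limit:
            return None  # would spin forever without the demo limit
        if used + rrset_len(rrsets[i]) > max_size:
            messages.append(current)        # flush and retry the same RecordSet
            current, used = [], HEADER_LEN  # an oversized one never fits: no progress
            continue
        current.append(rrsets[i])
        used += rrset_len(rrsets[i])
        i += 1
    return messages + [current]


def pack_checked(rrsets, max_size):
    """Same packing, but refuse a RecordSet that cannot fit an empty message."""
    messages, current, used = [], [], HEADER_LEN
    for rrset in rrsets:
        size = rrset_len(rrset)
        if HEADER_LEN + size > max_size:
            raise RecordSetTooLarge(f"{size} bytes exceeds limit {max_size}")
        if used + size > max_size:
            messages.append(current)
            current, used = [], HEADER_LEN
        current.append(rrset)
        used += size
    return messages + [current]
```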
