Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 29 Jul 2015 14:32:51 +0100
From: Kiall Mac Innes <kiall@...innes.ie>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request - OpenStack Designate mDNS DoS
 through incorrect handling of large RecordSets

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 28/07/15 22:09, cve-assign@...re.org wrote:
>>> https://launchpad.net/bugs/1471161
> 
>>> Designate does not enforce the DNS protocol limit concerning
>>> record set sizes
> 
>>> As a result, the rendering loop in desginate-mdns can does not
>>> make progress
> 
>>> https://bugs.launchpad.net/designate/+bug/1471161/comments/5
> 
>>> 1: Quotas were being bypassed as part of the v1 API.
> 
>> two CVE IDs:
> 
>> one for the original "does not enforce the DNS protocol limit 
>> concerning record set sizes" issue
> 
> Use CVE-2015-5694.
> 
> 
>> one for the "Quotas were being bypassed" issue.
> 
> Use CVE-2015-5695.
> 
> 

Great, Thank you.

Thanks,
Kiall
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVuNYCAAoJEHuWgzsGpgIasHEIAJlxDqvKFfZTQA0Nuoqr9jPP
+V+oZIjg4bGQTSrFi11Jq8D3fmyoqRCb47E/XC/8VPZkBk/lPJ6BcBiDcOu9flst
zw1J4qmcbxMeT9hCLmutcSZXI8KTWmpTczI3MN+RrgeDi4D2IEnkv+658b7mrOix
7JMW56pkOLWLCf5QNDRTWHHTpac6hA0C2svp3Jwv5uMh+UWMcjD4ob6SM0tlG59w
1ZRpGf/zE3UoabwJADXtNLewyb5CbI2qVUkvco/JeIZdFF0I/I8oRG7yxxotHYkg
6MvwDVN6cLCvwe28vo/Mm0rvVw9uf4hqVIfYwE3rGCfN4zlTRu0ncPwRuHg865I=
=S6kC
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ