[Openstack] [Security][LP# 1471161] Designate mDNS DoS through incorrect handling of large RecordSets

Kiall Mac Innes kiall at macinnes.ie
Tue Jul 28 15:52:36 UTC 2015


Launchpad Number: 1471161
CVE: TBA
Date: July 28, 2015
Title: Designate mDNS DoS through incorrect handling of large RecordSets
Reporter: Florian Weimer (Red Hat)
Products: Designate
Versions: 2015.1.0 through 1.0.0.0b1

Description:
Florian Weimer from Red Hat reported a vulnerability in Designate.
By creating a single RecordSet that exceeds the configured max allowed
DNS packet size, an authenticated user may cause the Designate mDNS
service to enter an infinite loop, triggering a DoS.

Liberty (development branch) fix:
https://review.openstack.org/206578

Kilo fix:
https://review.openstack.org/206580

Notes:
This fix will be included in a future 1.0.0.0b2 release.

References:
https://launchpad.net/bugs/1471161

-- Kiall Mac Innes, OpenStack Designate PTL
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x6DD192A2.asc
Type: application/pgp-keys
Size: 11184 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150728/ea4e7651/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150728/ea4e7651/attachment.sig>


More information about the Openstack mailing list