Designate 2015.1.0 through 1.0.0.0b1, as packaged in OpenStack Kilo, does not enforce the RecordSets per domain and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
References
Link | Resource |
---|---|
http://lists.openstack.org/pipermail/openstack/2015-July/013548.html | Patch Vendor Advisory |
http://www.openwall.com/lists/oss-security/2015/07/28/11 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2015/07/29/6 | Mailing List Third Party Advisory |
https://bugs.launchpad.net/designate/+bug/1471161 | Exploit Issue Tracking Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1245241 | Issue Tracking Third Party Advisory |
https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch | Mailing List Patch Third Party Advisory |
History
No history.
Information
Published : 2017-08-31 22:29
Updated : 2024-02-28 16:04
NVD link : CVE-2015-5695
Mitre link : CVE-2015-5695
CVE.ORG link : CVE-2015-5695
Products Affected
openstack
- designate
CWE
CWE-400
Uncontrolled Resource Consumption