Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:33
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.openstack.org/pipermail/openstack/2015-July/013548.html - Patch, Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2015/07/28/11 - Mailing List, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2015/07/29/6 - Mailing List, Third Party Advisory | |
References | () https://bugs.launchpad.net/designate/+bug/1471161 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1245241 - Issue Tracking, Third Party Advisory | |
References | () https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch - Mailing List, Patch, Third Party Advisory |
Information
Published : 2017-08-31 22:29
Updated : 2024-11-21 02:33
NVD link : CVE-2015-5695
Mitre link : CVE-2015-5695
CVE.ORG link : CVE-2015-5695
JSON object : View
Products Affected
openstack
- designate
CWE
CWE-400
Uncontrolled Resource Consumption