oss-sec mailing list archives
CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets
From: Kiall Mac Innes <kiall () macinnes ie>
Date: Tue, 28 Jul 2015 17:01:11 +0100
Hi, Can I please have a CVE assigned for the following issue: Launchpad Number: 1471161 CVE: TBA Date: July 28, 2015 Title: Designate mDNS DoS through incorrect handling of large RecordSets Reporter: Florian Weimer (Red Hat) Products: Designate Versions: 2015.1.0 through 1.0.0.0b1 Description: Florian Weimer from Red Hat reported a vulnerability in Designate. By creating a single RecordSet that exceeds the configured max allowed DNS packet size, an authenticated user may cause the Designate mDNS service to enter an infinite loop, triggering a DoS. Liberty (development branch) fix: https://review.openstack.org/206578 Kilo fix: https://review.openstack.org/206580 Notes: This fix will be included in a future 1.0.0.0b2 release. References: https://launchpad.net/bugs/1471161 http://lists.openstack.org/pipermail/openstack/2015-July/013548.html -- Kiall Mac Innes, OpenStack Designate PTL
Current thread:
- CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets Kiall Mac Innes (Jul 28)
- Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets cve-assign (Jul 28)
- Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets Kiall Mac Innes (Jul 28)
- Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets cve-assign (Jul 28)
- Re: Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets Kiall Mac Innes (Jul 29)
- Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets cve-assign (Jul 28)