Bug 1177881 (CVE-2013-4769)

Summary: CVE-2013-4769 Eucalyptus: cloud controller (aka CLC) component DNS amplification DoS
Product: [Other] Security Response Reporter: Kurt Seifried <kseifried>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: agrimm, extras-orphan, gholms
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-12-31 03:31:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1177882    
Bug Blocks:    

Description Kurt Seifried 2014-12-31 03:30:22 UTC 
The Eucalyptus project reports:

ESA-16: Eucalyptus Can Act As An Open DNS Resolver

Overview
A security issue has been identified in the recursive DNS resolver implemented in Eucalyptus that affects publicly accessible Eucalyptus installations. An update is now available in 3.4.2 that resolves this issue. We advise updating all affected Eucalyptus installations as soon as possible.

Description
Eucalyptus implements a DNS service on the cloud controller (CLC) component to facilitate internal DNS lookups. An issue has been identified in the implementation of the recursive DNS resolver that could be exploited by external clients to participate in DNS amplification attacks, a type of distributed denial of service attack. This could also lead to denial of service to authorized clients. The issue affects all Eucalyptus installations where the CLC is publicly accessible and recursive DNS is enabled (see the dns.recursive.enabled property).

External reference:
https://www.eucalyptus.com/resources/security/advisories/esa-16
Comment 1 Kurt Seifried 2014-12-31 03:31:02 UTC 
Created eucalyptus tracking bugs for this issue:

Affects: fedora-20 [bug 1177882]