Bug 1245241 (CVE-2015-5694, CVE-2015-5695)

Summary: CVE-2015-5695 openstack-designate: Infinite loop with large resource record sets
Product: [Other] Security Response Reporter: Florian Weimer <fweimer>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, bnemec, chrisw, dallan, gkotton, gmollett, jjoyce, jschluet, kbasil, lhh, lpeer, markmc, mburns, nyechiel, rbryant, sclewis, security-response-team, slinaber, tdecacqu
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-06 06:22:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1236014, 1247952    
Bug Blocks: 1228320, 1245254    

Description Florian Weimer 2015-07-21 14:31:27 UTC 
It was discovered that the Designate component in OpenStack would enter
an infinite loop when processing an internal zone file transfer if a
managed DNS zone included a resource record set whose size exceeded the
limitations of the DNS protocol, leading to a denial of service.  Only
authenticated users with access to the Designate component can add such
resource record sets.

Acknowledgements:

This issue was discovered by Florian Weimer of Red Hat Product Security.
Comment 1 Martin Prpič 2015-07-29 10:33:40 UTC 
Public via:

http://seclists.org/oss-sec/2015/q3/226
Comment 2 Martin Prpič 2015-07-29 10:34:30 UTC 
Upstream bug:

https://bugs.launchpad.net/designate/+bug/1471161

External References:

http://lists.openstack.org/pipermail/openstack/2015-July/013548.html
Comment 3 Martin Prpič 2015-07-29 10:37:34 UTC 
Created openstack-designate tracking bugs for this issue:

Affects: openstack-rdo [bug 1247952]