Bug 1245241 (CVE-2015-5694, CVE-2015-5695)

Summary: CVE-2015-5695 openstack-designate: Infinite loop with large resource record sets
Product: [Other] Security Response
Reporter: Florian Weimer <fweimer>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Severity: low
Priority: low
Version: unspecified
CC: abaron, aortega, apevec, ayoung, bnemec, chrisw, dallan, gkotton, gmollett, jjoyce, jschluet, kbasil, lhh, lpeer, markmc, mburns, nyechiel, rbryant, sclewis, security-response-team, slinaber, tdecacqu
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2016-06-06 06:22:19 UTC
Bug Depends On: 1236014, 1247952    
Bug Blocks: 1228320, 1245254    

Description Florian Weimer 2015-07-21 14:31:27 UTC
It was discovered that the Designate component in OpenStack would enter
an infinite loop when processing an internal zone file transfer if a
managed DNS zone included a resource record set whose size exceeded the
limitations of the DNS protocol, leading to a denial of service.  Only
authenticated users with access to the Designate component can add such
resource record sets.


This issue was discovered by Florian Weimer of Red Hat Product Security.
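
As an added illustration (not Designate's code and not part of this bug report), the sketch below shows one way a zone-transfer packer can reject an RRset that exceeds the 65,535-octet DNS message limit instead of retrying it. The function names, the choice of the RRset as the packing unit and the sample zone are assumptions; name compression and the question section are ignored.

```python
MAX_MSG = 65535   # TCP DNS messages carry a 16-bit length prefix (RFC 1035, 4.2.2)
HEADER = 12       # fixed DNS header
RR_FIXED = 10     # TYPE + CLASS + TTL + RDLENGTH


class RRSetTooLarge(ValueError):
    """Raised when one RRset can never fit in a single DNS message."""


def name_len(name):
    """Uncompressed wire length of a domain name."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    if any(len(l) > 63 for l in labels):
        raise ValueError("label longer than 63 octets")
    return sum(len(l) + 1 for l in labels) + 1


def rrset_len(owner, rdatas):
    """Wire length of every record in the RRset, without name compression."""
    if any(len(r) > 0xFFFF for r in rdatas):
        raise RRSetTooLarge(f"{owner}: RDATA exceeds 16-bit RDLENGTH")
    return sum(name_len(owner) + RR_FIXED + len(r) for r in rdatas)


def pack_transfer(rrsets, max_msg=MAX_MSG):
    """Group (owner, rdatas) RRsets into messages of at most max_msg octets.

    Every pass either places the current RRset or raises, so packing
    terminates even when an RRset is larger than an empty message.
    """
    messages, current, used = [], [], HEADER
    for owner, rdatas in rrsets:
        size = rrset_len(owner, rdatas)
        if HEADER + size > max_msg:          # fail closed, never retry
            raise RRSetTooLarge(f"{owner}: {size} octets cannot fit in one message")
        if used + size > max_msg:            # flush and start a fresh message
            messages.append(current)
            current, used = [], HEADER
        current.append(owner)
        used += size
    if current:
        messages.append(current)
    return messages


# Constructed sample zone (not from the bug report): 255-octet RDATA blobs.
SAMPLE = [
    ("www.example.org.", [b"\x00" * 4]),
    ("big.example.org.", [b"x" * 255] * 200),
    ("huge.example.org.", [b"x" * 255] * 300),
]
```

The same size check can be applied when a record set is created or updated, so an oversized set is refused before any transfer is attempted.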

Comment 1 Martin Prpič 2015-07-29 10:33:40 UTC
Public via:


Comment 3 Martin Prpič 2015-07-29 10:37:34 UTC
Created openstack-designate tracking bugs for this issue:

Affects: openstack-rdo [bug 1247952]