Bug 1245241 – CVE-2015-5695 openstack-designate: Infinite loop with large resource record sets

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1245241 - (CVE-2015-5694, CVE-2015-5695) CVE-2015-5695 openstack-designate: Infinite loop with large resource record sets

Summary:	CVE-2015-5695 openstack-designate: Infinite loop with large resource record sets

Status:	CLOSED UPSTREAM

Aliases:	CVE-2015-5694, CVE-2015-5695

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20150728,reported=2...
Keywords:	Security

Depends On:	1236014 1247952
Blocks:	1228320 1245254
	Show dependency tree / graph

Reported:	2015-07-21 10:31 EDT by Florian Weimer
Modified:	2018-09-23 23:29 EDT (History)
CC List:	22 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-06-06 02:22:19 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Launchpad	1471161	None	None	None	Never

Groups: None (edit)

Description Florian Weimer 2015-07-21 10:31:27 EDT

It was discovered that the Designate component in OpenStack would enter
an infinite loop when processing an internal zone file transfer if a
managed DNS zone included a resource record set whose size exceeded the
limitations of the DNS protocol, leading to a denial of service.  Only
authenticated users with access to the Designate component can add such
resource record sets.

Acknowledgements:

This issue was discovered by Florian Weimer of Red Hat Product Security.

Comment 1 Martin Prpič 2015-07-29 06:33:40 EDT

Public via:

http://seclists.org/oss-sec/2015/q3/226

Comment 2 Martin Prpič 2015-07-29 06:34:30 EDT

Upstream bug:

https://bugs.launchpad.net/designate/+bug/1471161

External References:

http://lists.openstack.org/pipermail/openstack/2015-July/013548.html

Comment 3 Martin Prpič 2015-07-29 06:37:34 EDT

Created openstack-designate tracking bugs for this issue:

Affects: openstack-rdo [bug 1247952]

Note You need to log in before you can comment on or make changes to this bug.

abaron
aortega
apevec
ayoung
bnemec
chrisw
dallan
gkotton
gmollett
jjoyce
jschluet
kbasil
lhh
lpeer
markmc
mburns
nyechiel
rbryant
sclewis
security-response-team
slinaber
tdecacqu