The Eucalyptus project reports: ESA-16: Eucalyptus Can Act As An Open DNS Resolver Overview A security issue has been identified in the recursive DNS resolver implemented in Eucalyptus that affects publicly accessible Eucalyptus installations. An update is now available in 3.4.2 that resolves this issue. We advise updating all affected Eucalyptus installations as soon as possible. Description Eucalyptus implements a DNS service on the cloud controller (CLC) component to facilitate internal DNS lookups. An issue has been identified in the implementation of the recursive DNS resolver that could be exploited by external clients to participate in DNS amplification attacks, a type of distributed denial of service attack. This could also lead to denial of service to authorized clients. The issue affects all Eucalyptus installations where the CLC is publicly accessible and recursive DNS is enabled (see the dns.recursive.enabled property). External reference: https://www.eucalyptus.com/resources/security/advisories/esa-16
Created eucalyptus tracking bugs for this issue: Affects: fedora-20 [bug 1177882]