CVE # Allocation request sent, based on VMT template. Copy of email:
A vulnerability was discovered in OpenStack Designate (see below).
In order to ensure full traceability, we need a CVE number assigned
that we can attach to private and public notifications. Please treat
the following information as confidential until further public
disclosure.
Title: Designate mDNS DoS through incorrect handling of large RecordSets
Reporter: Florian Weimer (Red Hat)
Products: OpenStack Designate
Affects: OpenStack Designate version 2015.1.0
Description:
Florian Weimer from Red Hat reported a vulnerability in Designate.
By creating a single RecordSet that exceeds the configured max
allowed DNS packet size, an authenticated user may cause the
Designate mDNS service to enter an infinite loop, triggering a DoS.
CVE # Allocation request sent, based on VMT template. Copy of email:
A vulnerability was discovered in OpenStack Designate (see below).
In order to ensure full traceability, we need a CVE number assigned
that we can attach to private and public notifications. Please treat
the following information as confidential until further public
disclosure.
Title: Designate mDNS DoS through incorrect handling of large RecordSets
Reporter: Florian Weimer (Red Hat)
Products: OpenStack Designate
Affects: OpenStack Designate version 2015.1.0
Description:
Florian Weimer from Red Hat reported a vulnerability in Designate.
By creating a single RecordSet that exceeds the configured max
allowed DNS packet size, an authenticated user may cause the
Designate mDNS service to enter an infinite loop, triggering a DoS.
Thanks in advance,
Kiall Mac Innes