Vulnerability Description
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Designate | 1.0.0.0b1 |
Related Weaknesses (CWE)
References
- http://lists.openstack.org/pipermail/openstack/2015-July/013548.htmlPatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2015/07/28/11Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/07/29/6Mailing ListThird Party Advisory
- https://bugs.launchpad.net/designate/+bug/1471161ExploitIssue TrackingThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1245241Issue TrackingThird Party Advisory
- https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patchMailing ListPatchThird Party Advisory
- http://lists.openstack.org/pipermail/openstack/2015-July/013548.htmlPatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2015/07/28/11Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/07/29/6Mailing ListThird Party Advisory
- https://bugs.launchpad.net/designate/+bug/1471161ExploitIssue TrackingThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1245241Issue TrackingThird Party Advisory
- https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patchMailing ListPatchThird Party Advisory
FAQ
What is CVE-2015-5695?
CVE-2015-5695 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might ...
How severe is CVE-2015-5695?
CVE-2015-5695 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5695?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Designate.