CVE-2015-5695
First published: Thu Aug 31 2017(Updated: )
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/designate | =2015.1.0b2 | |
| OpenStack Designate | =1.0.0.0b1 | |
| OpenStack Designate | =1.0.0a0 | |
| OpenStack Designate | =2015.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.openstack.org/pipermail/openstack/2015-July/013548.html
- http://www.openwall.com/lists/oss-security/2015/07/28/11
- http://www.openwall.com/lists/oss-security/2015/07/29/6
- https://bugs.launchpad.net/designate/+bug/1471161
- https://bugzilla.redhat.com/show_bug.cgi?id=1245241
- https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch
- https://nvd.nist.gov/vuln/detail/CVE-2015-5695
- https://github.com/pypa/advisory-database/tree/main/vulns/designate/PYSEC-2017-114.yaml
- https://www.openwall.com/lists/oss-security/2015/07/28/11
- https://www.openwall.com/lists/oss-security/2015/07/29/6
- https://github.com/advisories/GHSA-m6h2-634h-jcpj (Advisory)
Frequently Asked Questions
What is the severity of CVE-2015-5695?
CVE-2015-5695 has a high severity level due to its potential to cause a denial of service via an infinite loop.
How do I fix CVE-2015-5695?
To fix CVE-2015-5695, upgrade to a version of OpenStack Designate that enforces RecordSets per domain and quota limits.
What versions are affected by CVE-2015-5695?
CVE-2015-5695 affects OpenStack Designate versions 2015.1.0 through 1.0.0.0b1.
What impacts does CVE-2015-5695 have on OpenStack users?
CVE-2015-5695 could allow remote attackers to exploit the vulnerability causing service interruptions for OpenStack users.
Is there a workaround for CVE-2015-5695?
A temporary workaround for CVE-2015-5695 includes disabling zone file transfers until the vulnerability is patched.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/severity
- agent/softwarecombine
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-m6h2-634h-jcpj
- alias/CVE-2015-5695
- agent/software-canonical-lookup
- agent/references
- agent/last-modified-date
- agent/author
- collector/github-advisory
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- package-manager/pip
- vendor/openstack
- canonical/openstack designate
- version/openstack designate/1.0.0.0b1
- version/openstack designate/1.0.0a0
- version/openstack designate/2015.1.0