6.5

CVE-2015-5695

Exploit
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackDesignate Version1.0.0.0b1
OpenstackDesignate Version1.0.0a0
OpenstackDesignate Version2015.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.15% 0.797
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://lists.openstack.org/pipermail/openstack/2015-July/013548.html
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/07/28/11
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2015/07/29/6
Third Party Advisory
Mailing List
https://bugs.launchpad.net/designate/+bug/1471161
Third Party Advisory
Exploit
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1245241
Third Party Advisory
Issue Tracking
https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch
Patch
Third Party Advisory
Mailing List