yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1798351] Re: DNS available externally on provider network

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jeremy Stanley <fungi@xxxxxxxxxxx>
Date: Fri, 28 Feb 2020 13:41:23 -0000
Reply-to: Bug 1798351 <1798351@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a duplicate of bug 1501206 ***
    https://bugs.launchpad.net/bugs/1501206

Thanks! I've switched this to public and marked it as a duplicate.

** Description changed:

- This issue is being treated as a potential security risk under
- embargo. Please do not make any public mention of embargoed
- (private) security vulnerabilities before their coordinated
- publication by the OpenStack Vulnerability Management Team in the
- form of an official OpenStack Security Advisory. This includes
- discussion of the bug or associated fixes in public forums such as
- mailing lists, code review systems and bug trackers. Please also
- avoid private disclosure to other individuals not already approved
- for access to this information, and provide this same reminder to
- those who are made aware of the issue prior to publication. All
- discussion should remain confined to this private bug report, and
- any proposed fixes should be added to the bug as attachments. This
- embargo shall not extend past 2020-05-27 and will be made
- public by or on that date if no fix is identified.
- 
  DNS is open for everyone on our external provider network and this can
  be used to do a amplification attack.
  
  Shouldn't this access at least be filtered for external parties?
  
  Tested on openstack pike

** Changed in: ossa
       Status: Incomplete => Won't Fix

** Information type changed from Private Security to Public

** This bug has been marked a duplicate of bug 1501206
   router:dhcp ports are open resolvers

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1798351

Title:
  DNS available externally on provider network

Status in neutron:
  New
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  DNS is open for everyone on our external provider network and this can
  be used to do a amplification attack.

  Shouldn't this access at least be filtered for external parties?

  Tested on openstack pike

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1798351/+subscriptions