Thread: Two PowerDNS Recursor Vulnerabilities




2006-11-13 19:34:59
Please find attached two PowerDNS Recursor Vulnerabilities. 

PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable

   Table 1-1. PowerDNS Security Advisory

  
   +------------------------------------------------------------------------+
   | CVE          | CVE-2006-4251                                           |
   |--------------+---------------------------------------------------------|
   | Date         | 13th of November 2006                                   |
   |--------------+---------------------------------------------------------|
   | Affects      | PowerDNS Recursor versions 3.1.3 and earlier, on all    |
   |              | operating systems.                                      |
   |--------------+---------------------------------------------------------|
   | Not affected | No versions of the PowerDNS Authoritative Server        |
   |              | ('pdns_server') are affected.                           |
   |--------------+---------------------------------------------------------|
   | Severity     | Critical                                                |
   |--------------+---------------------------------------------------------|
   | Impact       | Potential remote system compromise.                     |
   |--------------+---------------------------------------------------------|
   | Exploit      | As far as we know, no exploit is available as of 11th   |
   |              | of November 2006.                                       |
   |--------------+---------------------------------------------------------|
   | Solution     | Upgrade to PowerDNS Recursor 3.1.4, or apply the        |
   |              | patches referred below and recompile                    |
   |--------------+---------------------------------------------------------|
   | Workaround   | Disable TCP access to the Recursor. This will have      |
   |              | slight operational impact, but it is likely that this   |
   |              | will not lead to meaningful degradation of service.     |
   |              | Disabling access is best performed at packet level,     |
   |              | either by configuring a firewall, or instructing the    |
   |              | host operating system to drop TCP connections to port   |
   |              | 53. Additionally, exposure can be limited by            |
   |              | configuring the allow-from setting so only trusted      |
   |              | users can query your nameserver.                        |
   +------------------------------------------------------------------------+

   PowerDNS Recursor 3.1.3 and previous miscalculate the length of incoming
   TCP DNS queries, and will attempt to read up to 4 gigabytes of query into
   a 65535 byte buffer.

   We have not verified if this problem might actually lead to a system
   compromise, but are acting on the assumption that it might.

   For distributors, a minimal patch is available on the PowerDNS wiki.
   Additionally, those shipping very old versions of the PowerDNS Recursor
   might benefit from this patch.

   The impact of these and other security problems can be lessened by
   considering the advice in Chapter 7.

PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash

   Table 1-2. PowerDNS Security Advisory

  
   +------------------------------------------------------------------------+
   | CVE          | CVE-2006-4252                                           |
   |--------------+---------------------------------------------------------|
   | Date         | 13th of November 2006                                   |
   |--------------+---------------------------------------------------------|
   | Affects      | PowerDNS Recursor versions 3.1.3 and earlier, on all    |
   |              | operating systems.                                      |
   |--------------+---------------------------------------------------------|
   | Not affected | No versions of the PowerDNS Authoritative Server        |
   |              | ('pdns_server') are affected.                           |
   |--------------+---------------------------------------------------------|
   | Severity     | Moderate                                                |
   |--------------+---------------------------------------------------------|
   | Impact       | Denial of service                                       |
   |--------------+---------------------------------------------------------|
   | Exploit      | This problem can be triggered by sending queries for    |
   |              | specifically configured domains                         |
   |--------------+---------------------------------------------------------|
   | Solution     | Upgrade to PowerDNS Recursor 3.1.4, or apply commit     |
   |              | 919.                                                    |
   |--------------+---------------------------------------------------------|
   | Workaround   | None known. Exposure can be limited by configuring the  |
   |              | allow-from setting so only trusted users can query your |
   |              | nameserver.                                             |
   +------------------------------------------------------------------------+

   PowerDNS would recurse endlessly on encountering a CNAME loop consisting
   entirely of zero second CNAME records, eventually exceeding resources and
   crashing.



-- 
http://www.PowerDNS.com      Open source, database driven DNS Software
http://netherlabs.nl         Open and Closed source services
_______________________________________________
Pdns-announce mailing list
Pdns-announce@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-announce
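
Advisory 2006-01 concerns the length handling of TCP DNS queries, which are framed as a two-byte length prefix followed by the message. The C++ below is an added example, not PowerDNS code and not the patch the advisory refers to; the class `TcpQueryReader` and its method names are hypothetical. It shows a reader that derives every copy size from the unsigned prefix, so it can never write past its 65535 byte buffer however much the peer sends.

```cpp
#include <algorithm>
#include <array>
#include <cstdint>
#include <cstring>
#include <vector>

// Incremental reader for one DNS-over-TCP query: a two-byte big-endian
// length prefix, then exactly that many message bytes (RFC 1035, 4.2.2).
class TcpQueryReader {
public:
    enum class State { NeedLength, NeedBody, Complete, Rejected };
    // Consume bytes from one recv() result; returns how many were used.
    size_t feed(const uint8_t* data, size_t len) {
        size_t used = 0;
        while (used < len && (state_ == State::NeedLength || state_ == State::NeedBody)) {
            if (state_ == State::NeedLength) {
                prefix_[prefixHave_++] = data[used++];
                if (prefixHave_ < 2) continue;
                // Built from unsigned bytes only, so always 0..65535.
                want_ = (static_cast<size_t>(prefix_[0]) << 8) | prefix_[1];
                // A query shorter than the 12-byte DNS header is refused.
                state_ = want_ < 12 ? State::Rejected : State::NeedBody;
            } else {
                // Copy at most what the prefix declared and is still missing.
                size_t n = std::min(want_ - have_, len - used);
                std::memcpy(buf_.data() + have_, data + used, n);
                have_ += n;
                used += n;
                if (have_ == want_) state_ = State::Complete;
            }
        }
        return used;
    }
    State state() const { return state_; }
    size_t size() const { return have_; }
private:
    std::array<uint8_t, 65535> buf_{};
    uint8_t prefix_[2] = {0, 0};
    size_t prefixHave_ = 0, want_ = 0, have_ = 0;
    State state_ = State::NeedLength;
};

// Constructed input: the prefix declares 65535 bytes, the peer sends 70000.
size_t storedFromOversizedStream() {
    TcpQueryReader r;
    std::vector<uint8_t> wire(2 + 70000, 0x41);
    wire[0] = wire[1] = 0xFF;
    r.feed(wire.data(), wire.size());
    return r.state() == TcpQueryReader::State::Complete ? r.size() : 0;
}
```

Bytes left unconsumed by `feed` belong to the next query on the same connection and would go to a fresh reader.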
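
Advisory 2006-02 describes endless recursion on a CNAME loop made entirely of zero second records. The C++ below is an added example, not PowerDNS code and not commit 919; `chaseCname`, the `Answers` map and the 10-hop default are assumptions made for illustration. It follows CNAMEs iteratively and stops on a repeated name or at a hop limit, with neither check depending on TTL.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>

// Hypothetical stand-in for answers fetched from authoritative servers:
// owner name -> CNAME target and TTL. Names are assumed already lowercased.
struct Cname { std::string target; uint32_t ttl; };
using Answers = std::map<std::string, Cname>;

enum class Chase { Resolved, Loop, TooLong };

// Follow a CNAME chain with a loop, not recursion, so the cost of a hostile
// chain is bounded and no stack is consumed per hop. The TTL is carried in
// the data but never consulted, so zero-second records get no special path.
Chase chaseCname(const Answers& answers, std::string name,
                 std::string& finalName, unsigned maxHops = 10) {
    std::set<std::string> seen;
    for (unsigned hops = 0;; ++hops) {
        auto it = answers.find(name);
        if (it == answers.end()) { finalName = name; return Chase::Resolved; }
        if (!seen.insert(name).second) return Chase::Loop;   // name repeated
        if (hops >= maxHops) return Chase::TooLong;          // chain too deep
        name = it->second.target;
    }
}

// Constructed data: a two-name loop made only of zero-second CNAMEs.
Answers zeroTtlLoop() {
    return {{"a.example.", {"b.example.", 0}}, {"b.example.", {"a.example.", 0}}};
}

// Constructed data: a loop-free chain n0 -> n1 -> ... -> n<links>.
Answers zeroTtlChain(unsigned links) {
    Answers z;
    for (unsigned i = 0; i < links; ++i)
        z["n" + std::to_string(i) + ".example."] =
            {"n" + std::to_string(i + 1) + ".example.", 0};
    return z;
}
```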
