<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="PowerDNS manual"
HREF="index.html"><LINK
REL="UP"
TITLE="The PowerDNS dynamic nameserver"
HREF="powerdns.html"><LINK
REL="PREVIOUS"
TITLE="Security"
HREF="security-policy.html"><LINK
REL="NEXT"
TITLE="PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash"
HREF="powerdns-advisory-2006-02.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="POWERDNS-ADVISORY-2006-01"
>1.5. PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable</A
></H1
><P
>	<DIV
CLASS="TABLE"
><A
NAME="AEN2522"
></A
><P
><B
>Table 1-1. PowerDNS Security Advisory</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><COL><COL><TBODY
><TR
><TD
>		  CVE
		</TD
><TD
>		  CVE-2006-4251
		</TD
></TR
><TR
><TD
>		  Date
		</TD
><TD
>		  13th of November 2006
		</TD
></TR
><TR
><TD
>		  Affects
		</TD
><TD
>		  PowerDNS Recursor versions 3.1.3 and earlier, on all operating systems.
		</TD
></TR
><TR
><TD
>		  Not affected
		</TD
><TD
>		  No versions of the PowerDNS Authoritative Server ('pdns_server') are affected.
		</TD
></TR
><TR
><TD
>		  Severity 
		</TD
><TD
>		  Critical
		</TD
></TR
><TR
><TD
>		  Impact
		</TD
><TD
>		  Potential remote system compromise. 
		</TD
></TR
><TR
><TD
>		  Exploit
		</TD
><TD
>		  As far as we know, no exploit is available as of 11th of November 2006.
		</TD
></TR
><TR
><TD
>		  Solution
		</TD
><TD
		  Upgrade to PowerDNS Recursor 3.1.4, or apply the patches referred to below and recompile.
		</TD
></TR
><TR
><TD
>		  Workaround
		</TD
><TD
		  Disable TCP access to the Recursor. This will have a slight operational impact, but is unlikely to lead
		  to a meaningful degradation of service. Disabling access is best performed at packet level, either by configuring a firewall or by
		  instructing the host operating system to drop TCP connections to port 53.
		  Additionally, exposure can be limited by configuring the <B
CLASS="COMMAND"
>allow-from</B
> setting so only trusted users
		  can query your nameserver.
		</TD
></TR
></TBODY
></TABLE
></DIV
>
      </P
><P
>	PowerDNS Recursor versions 3.1.3 and earlier miscalculate the length of incoming TCP DNS queries, and will attempt to read up to 4 gigabytes of query data
	into a 65535-byte buffer.
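
An added illustration, not code from PowerDNS or from the patches linked in this advisory: DNS over TCP prefixes every message with a two-byte length (RFC 1035), so a correctly decoded length always fits the 65535-byte buffer. The advisory does not say how the Recursor miscalculated; the sign-extended decode below is an assumption used to show how a two-byte prefix can turn into a size near 4 gigabytes, and all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_TCP_MAX 65535u      /* most a 2-byte length prefix can announce */

struct tcp_query {              /* hypothetical per-connection state */
    uint8_t  hdr[2];            /* length prefix, network byte order */
    size_t   hdr_have, body_have;
    uint16_t qlen;
    uint8_t  body[DNS_TCP_MAX];
};

/* Correct decode: unsigned bytes, so the result is always 0..65535. */
uint16_t decode_len(const uint8_t h[2]) {
    return (uint16_t)(((unsigned)h[0] << 8) | h[1]);
}

/* Illustration only: the same arithmetic on sign-extended bytes. For
 * 0xFF 0xFF this is -257, which as a 32-bit size is just under 4 GiB. */
uint32_t decode_len_signed(const uint8_t h[2]) {
    int hi = h[0] >= 0x80 ? h[0] - 256 : h[0];
    int lo = h[1] >= 0x80 ? h[1] - 256 : h[1];
    return (uint32_t)(hi * 256 + lo);
}

/* Feed bytes as they arrive. 1 = query complete, 0 = need more, -1 = drop. */
int tcp_query_feed(struct tcp_query *q, const uint8_t *p, size_t n) {
    while (n > 0) {
        if (q->hdr_have < 2) {
            q->hdr[q->hdr_have++] = *p++; n--;
            if (q->hdr_have == 2 && (q->qlen = decode_len(q->hdr)) < 12)
                return -1;      /* shorter than a DNS header */
            continue;
        }
        size_t want = (size_t)q->qlen - q->body_have;
        size_t take = n < want ? n : want;  /* never past the announced length */
        memcpy(q->body + q->body_have, p, take);
        q->body_have += take; p += take; n -= take;
        if (q->body_have == q->qlen) return 1;
    }
    return 0;
}

int main(void) {
    const uint8_t hdr[2] = { 0xFF, 0xFF };  /* constructed sample prefix */
    printf("unsigned decode: %u\n", (unsigned)decode_len(hdr));
    printf("signed decode as 32-bit size: %lu\n",
           (unsigned long)decode_len_signed(hdr));
    return 0;
}
```
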
      </P
><P
>	We have not verified whether this problem might actually lead to a system compromise, but are acting on the assumption that it might.
      </P
><P
>	For distributors, a minimal patch is available on <A
HREF="http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/915"
TARGET="_top"
>the PowerDNS wiki</A
>.
	Additionally, those shipping very old versions of the PowerDNS Recursor might benefit from this <A
HREF="http://ds9a.nl/tmp/cve-2006-4251.patch"
TARGET="_top"
>	  patch</A
>.
      </P
><P
>        The impact of these and other security problems can be lessened by considering the advice in <A
HREF="security.html"
>Chapter 7</A
>.
      </P
></DIV
></BODY
></HTML
>