<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="PowerDNS manual"
HREF="index.html"><LINK
REL="UP"
TITLE="The PowerDNS dynamic nameserver"
HREF="powerdns.html"><LINK
REL="PREVIOUS"
TITLE="PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable"
HREF="powerdns-advisory-2006-01.html"><LINK
REL="NEXT"
TITLE="Acknowledgements"
HREF="thanks-to.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>PowerDNS manual</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="powerdns-advisory-2006-01.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 1. The PowerDNS dynamic nameserver</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="thanks-to.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="POWERDNS-ADVISORY-2006-02"
>1.6. PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash</A
></H1
><P
>	<DIV
CLASS="TABLE"
><A
NAME="AEN2564"
></A
><P
><B
>Table 1-2. PowerDNS Security Advisory</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><COL><COL><TBODY
><TR
><TD
>		  CVE
		</TD
><TD
>		  CVE-2006-4252
		</TD
></TR
><TR
><TD
>		  Date
		</TD
><TD
>		  13th of November 2006
		</TD
></TR
><TR
><TD
>		  Affects
		</TD
><TD
>		  PowerDNS Recursor versions 3.1.3 and earlier, on all operating systems.
		</TD
></TR
><TR
><TD
>		  Not affected
		</TD
><TD
>		  No versions of the PowerDNS Authoritative Server ('pdns_server') are affected.
		</TD
></TR
><TR
><TD
>		  Severity 
		</TD
><TD
>		  Moderate
		</TD
></TR
><TR
><TD
>		  Impact
		</TD
><TD
>		  Denial of service
		</TD
></TR
><TR
><TD
>		  Exploit
		</TD
><TD
>		  This problem can be triggered by sending queries for specifically configured domains
		</TD
></TR
><TR
><TD
>		  Solution
		</TD
><TD
>		  Upgrade to PowerDNS Recursor 3.1.4, or apply <A
HREF="http://wiki.powerdns.com/projects/trac/changeset/919"
TARGET="_top"
>commit 919</A
>.
		</TD
></TR
><TR
><TD
>		  Workaround
		</TD
><TD
>		  None known. Exposure can be limited by configuring the <B
CLASS="COMMAND"
>allow-from</B
> setting so only trusted users
		  can query your nameserver.
		</TD
></TR
></TBODY
></TABLE
></DIV
>
      </P
><P
>	PowerDNS would recurse endlessly on encountering a CNAME loop consisting entirely of zero second CNAME records, eventually exceeding resources and crashing.
      </P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="powerdns-advisory-2006-01.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="thanks-to.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="powerdns.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Acknowledgements</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>