<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="PowerDNS manual" HREF="index.html"><LINK REL="UP" TITLE="The PowerDNS dynamic nameserver" HREF="powerdns.html"><LINK REL="PREVIOUS" TITLE="PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer overflow which might be exploitable" HREF="powerdns-advisory-2006-01.html"><LINK REL="NEXT" TITLE="Acknowledgements" HREF="thanks-to.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="POWERDNS-ADVISORY-2006-02" >1.6. PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash</A ></H1 ><P > <DIV CLASS="TABLE" ><A NAME="AEN2564" ></A ><P ><B >Table 1-2. PowerDNS Security Advisory</B ></P ><TABLE BORDER="1" CLASS="CALSTABLE" ><COL><COL><TBODY ><TR ><TD > CVE </TD ><TD > CVE-2006-4252 </TD ></TR ><TR ><TD > Date </TD ><TD > 13th of November 2006 </TD ></TR ><TR ><TD > Affects </TD ><TD > PowerDNS Recursor versions 3.1.3 and earlier, on all operating systems. 
</TD ></TR ><TR ><TD > Not affected </TD ><TD > No versions of the PowerDNS Authoritative Server ('pdns_server') are affected. </TD ></TR ><TR ><TD > Severity </TD ><TD > Moderate </TD ></TR ><TR ><TD > Impact </TD ><TD > Denial of service </TD ></TR ><TR ><TD > Exploit </TD ><TD > This problem can be triggered by sending queries for specifically configured domains. </TD ></TR ><TR ><TD > Solution </TD ><TD > Upgrade to PowerDNS Recursor 3.1.4, or apply <A HREF="http://wiki.powerdns.com/projects/trac/changeset/919" TARGET="_top" >commit 919</A >. </TD ></TR ><TR ><TD > Workaround </TD ><TD > None known. Exposure can be limited by configuring the <B CLASS="COMMAND" >allow-from</B > setting so only trusted users can query your nameserver. </TD ></TR ></TBODY ></TABLE ></DIV > </P ><P > The PowerDNS Recursor would recurse endlessly on encountering a CNAME loop consisting entirely of zero second CNAME records, eventually exhausting its allocated stack space and crashing. </P ></DIV ></BODY ></HTML >
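The failure mode described above, a CNAME loop made only of zero second TTL records, as an added C++ example that is not PowerDNS code and not the change in commit 919: a CNAME chase whose termination depends on a per-query hop counter and visited-name set rather than on TTLs or cached data. The Record/Zone model, the names under .example and the limit of 10 hops are assumptions made for the illustration.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>

// Constructed data model: each owner name holds one record, either a CNAME
// (data = target name) or an address (data = IP). Names are assumed lowercase.
struct Record { bool isCname; std::string data; unsigned ttl; };
using Zone = std::map<std::string, Record>;

enum class Status { Ok, NxDomain, Loop, TooLong };
struct Result { Status status; std::string address; unsigned hops; };
constexpr unsigned kMaxCnameHops = 10;  // assumed per-query limit

// Follow CNAMEs iteratively. Termination depends only on per-query state
// (hop counter and set of visited names), never on TTLs or cache contents,
// so a loop of TTL 0 records ends in an error instead of growing the stack.
Result resolve(const Zone& zone, std::string name) {
    std::set<std::string> seen;
    for (unsigned hops = 0;; ++hops) {
        if (!seen.insert(name).second) return {Status::Loop, "", hops};
        auto it = zone.find(name);
        if (it == zone.end()) return {Status::NxDomain, "", hops};
        if (!it->second.isCname) return {Status::Ok, it->second.data, hops};
        if (hops == kMaxCnameHops) return {Status::TooLong, "", hops};
        name = it->second.data;
    }
}

// Constructed sample: a two-name loop of TTL 0 CNAMEs plus one healthy alias.
Zone sampleZone() {
    return {{"a.example", {true, "b.example", 0}},
            {"b.example", {true, "a.example", 0}},
            {"www.example", {true, "host.example", 0}},
            {"host.example", {false, "192.0.2.1", 300}}};
}

// Constructed sample: n distinct TTL 0 CNAMEs c0 -> c1 -> ... -> cn (address).
Zone chainZone(unsigned n) {
    Zone z;
    for (unsigned i = 0; i < n; ++i)
        z["c" + std::to_string(i)] = {true, "c" + std::to_string(i + 1), 0};
    z["c" + std::to_string(n)] = {false, "192.0.2.2", 300};
    return z;
}

int main() {
    Result r = resolve(sampleZone(), "a.example");
    std::printf("a.example: status=%d hops=%u\n", static_cast<int>(r.status), r.hops);
}
```

The hop limit also bounds long chains of distinct names, which a visited set alone would not stop until the chain ends.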