Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201202-04 ] PowerDNS: Denial of Service
Date: Wed, 22 Feb 2012 21:15:35
Message-Id: 4F454E0D.4080003@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201202-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: PowerDNS: Denial of Service
Date: February 22, 2012
Bugs: #398403
ID: 201202-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in PowerDNS could allow a remote attacker to create a
Denial of Service condition.

Background
==========

The PowerDNS nameserver is an authoritative-only nameserver which uses
a flexible backend architecture.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-dns/pdns                 < 3.0.1                    >= 3.0.1

Description
===========

A vulnerability has been found in PowerDNS which could cause a packet
loop of DNS responses.

Impact
======

A remote attacker could send specially crafted DNS response packets,
possibly resulting in a Denial of Service condition.

Workaround
==========

PowerDNS users can set "cache-ttl=0" in /etc/powerdns/pdns.conf and
then restart the PowerDNS daemon:

  # /etc/init.d/pdns restart

Please review the PowerDNS Security Advisory below for more workaround
details.

Resolution
==========

All PowerDNS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-dns/pdns-3.0.1"

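Added example, not part of the original advisory and not Gentoo or
PowerDNS code: a shell check that classifies a host against the
Workaround and Resolution sections above, given the installed
net-dns/pdns version and a pdns.conf path. The function names are
hypothetical, and the config parsing assumes "key=value" lines with "#"
comments where the last assignment of a key wins.

```shell
#!/bin/sh
# Added example: classify a host against GLSA 201202-04 (net-dns/pdns < 3.0.1).
FIXED_VERSION="3.0.1"   # first unaffected version, from the advisory

# version_is_fixed VERSION: 0 = fixed, 1 = affected, 2 = cannot decide
version_is_fixed() {
    v=${1%%-r[0-9]*}                            # drop a Gentoo revision such as -r1
    case $v in ''|*[!0-9.]*) return 2 ;; esac   # only plain dotted-numeric versions
    awk -v a="$v" -v b="$FIXED_VERSION" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# effective_cache_ttl CONF: print the cache-ttl value that is in effect, if any.
# Assumption: "key=value" lines, "#" starts a comment, last assignment wins.
effective_cache_ttl() {
    sed -e 's/#.*//' "$1" 2>/dev/null | awk -F= '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "cache-ttl" { val = $2; gsub(/[ \t\r]/, "", val); found = 1 }
        END { if (found) print val }'
}

# glsa_status VERSION CONF: patched | workaround | vulnerable | unknown
glsa_status() {
    rc=0; version_is_fixed "$1" || rc=$?
    if [ "$rc" -eq 0 ]; then echo patched
    elif [ "$rc" -eq 2 ]; then echo unknown
    elif [ "$(effective_cache_ttl "$2")" = "0" ]; then echo workaround
    else echo vulnerable
    fi
}

# Usage: sh check.sh VERSION [CONF]; with no arguments, run a constructed sample.
if [ "$#" -ge 1 ]; then
    glsa_status "$1" "${2:-/etc/powerdns/pdns.conf}"
else
    sample=$(mktemp)                      # constructed pdns.conf, not from a real host
    printf '%s\n' 'launch=gmysql' '# cache-ttl=0' 'cache-ttl=20' > "$sample"
    echo "3.0 with cache-ttl=20: $(glsa_status 3.0 "$sample")"
    printf '%s\n' 'cache-ttl=0' >> "$sample"
    echo "3.0 after workaround: $(glsa_status 3.0 "$sample")"
    rm -f "$sample"
fi
```

A "workaround" result reflects only the configuration file; the setting
takes effect after the daemon restart described in the Workaround
section.
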
References
==========

[ 1 ] CVE-2012-0206
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0206
[ 2 ] PowerDNS Security Advisory 2012-01
      http://doc.powerdns.com/powerdns-advisory-2012-01.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201202-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
