List: oss-security
Subject: [oss-security] PowerDNS Security Advisory 2019-03
From: Erik Winkels <erik.winkels () open-xchange ! com>
Date: 2019-03-18 21:45:09
Message-ID: 543049085.1124.1552945509406 () appsuite-guard ! open-xchange ! com

Hi all,

Today we released PowerDNS Authoritative Server 4.1.7 and 4.0.7, fixing an important security
issue in the HTTP remote backend that has recently been reported to us [1].

The issue is that PowerDNS Authoritative Server, when the HTTP remote backend is used in
RESTful mode (without post=1 set), can be tricked by a remote user into connecting to an
attacker-specified HTTP server instead of the configured one, via a crafted DNS query.

This can be used to cause a denial of service by preventing the remote backend from getting a
response, content spoofing if the attacker can time its own query so that subsequent queries
will use an attacker-controlled HTTP server instead of the configured one, and possibly
information disclosure if the Authoritative Server has access to internal servers.

This issue has been assigned CVE-2019-3871.

PowerDNS Authoritative up to and including 4.1.6 is affected.
Please note that at the time of writing, PowerDNS Authoritative 3.4 and below are no longer
supported, as described in [2].

The full security advisory is provided below, and can also be found at [3].

We would like to thank Adam Dobrawy, Frederico Silva and Gregory Brzeski from HyperOne.com for
finding and subsequently reporting this issue!

Minimal patches are available at [4].

[1]: https://github.com/PowerDNS/pdns/issues/7573
[2]: https://doc.powerdns.com/authoritative/appendices/EOL.html
[3]: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
[4]: https://downloads.powerdns.com/patches/2019-03/

Best regards,

Erik Winkels

PowerDNS Security Advisory 2019-03: Insufficient validation in the HTTP remote backend
======================================================================================
- CVE: CVE-2019-3871
- Date: March 18th 2019
- Affects: PowerDNS Authoritative up to and including 4.1.6
- Not affected: 4.1.7, 4.0.7
- Severity: High
- Impact: Denial of Service, Information Disclosure, Content spoofing
- Exploit: This problem can be triggered via crafted queries
- Risk of system compromise: No
- Solution: Upgrade to a non-affected version

An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used
in RESTful mode (without post=1 set), allowing a remote user to cause the HTTP backend to
connect to an attacker-specified host instead of the configured one, via a crafted DNS query.
This can be used to cause a denial of service by preventing the remote backend from getting a
response, content spoofing if the attacker can time its own query so that subsequent queries
will use an attacker-controlled HTTP server instead of the configured one, and possibly
information disclosure if the Authoritative Server has access to internal servers.

This issue has been assigned CVE-2019-3871.

PowerDNS Authoritative up to and including 4.1.6 is affected.
Please note that at the time of writing, PowerDNS Authoritative 3.4 and below are no longer
supported, as described in https://doc.powerdns.com/authoritative/appendices/EOL.html .

We would like to thank Adam Dobrawy, Frederico Silva and Gregory Brzeski from HyperOne.com for
finding and subsequently reporting this issue!
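
An added example, not part of the advisory or of PowerDNS itself: a small audit that applies the advisory's two conditions (an affected version, and an HTTP remote backend without post=1) to a server's version string and pdns.conf text. It assumes the `launch=remote` and `remote-connection-string=http:...` settings, the `remote-<name>-connection-string` key for named instances, and that later 4.0.x releases keep the fix; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample pdns.conf (not taken from the advisory).
SAMPLE_CONF = """\
# authoritative server settings
launch=remote
remote-connection-string=http:url=http://127.0.0.1:8080/dns
"""

def parse_conf(text):
    """Parse plain 'key=value' lines; comments and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def version_affected(version):
    """Affected: up to and including 4.1.6. Fixed: 4.0.7 and 4.1.7."""
    v = tuple(int(p) for p in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    if v[:2] == (4, 0):
        return v < (4, 0, 7)  # assumption: later 4.0.x releases keep the fix
    return v <= (4, 1, 6)

def restful_http_instances(conf):
    """Return remote backend instances that use HTTP without post=1."""
    hits = []
    for entry in conf.get("launch", "").split(","):
        name, _, inst = entry.strip().partition(":")
        if name != "remote":
            continue
        # Assumption: named instances use remote-<name>-connection-string.
        key = f"remote-{inst}-connection-string" if inst else "remote-connection-string"
        conn = conf.get(key, "")
        if not conn.startswith("http:"):
            continue  # other connector types are outside this advisory
        opts = dict(o.split("=", 1) for o in conn[5:].split(",") if "=" in o)
        if opts.get("post") != "1":
            hits.append(inst or "(default)")
    return hits

def exposed(version, conf_text):
    """True when both advisory conditions hold for this server."""
    return version_affected(version) and bool(restful_http_instances(parse_conf(conf_text)))

if __name__ == "__main__":
    print(exposed("4.1.6", SAMPLE_CONF))
```

A positive result means the server matches the advisory's conditions and should be upgraded to a non-affected version.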