List: pdns-users
Subject: [Pdns-users] PowerDNS Security Advisory 2015-02
From: Pieter Lexis <pieter.lexis () powerdns ! com>
Date: 2015-09-02 13:24:48
Message-ID: 55E6F8A0.9030507 () powerdns ! com

Hi all,

We'd like to make you aware of Security Advisory 2015-02 for PowerDNS.
A bug was recently found in our DNS packet parsing/generation code,
which, when exploited, can cause individual threads (disabling service)
or whole processes (allowing a supervisor to restart them) to crash with
just one or a few query packets.

* CVE: CVE-2015-5230
* Date: 2nd of September 2015
* Credit: Pyry Hakulinen and Ashish Shakla at Automattic
* Affects: PowerDNS Authoritative Server 3.4.0 through 3.4.5
* Not affected: PowerDNS Authoritative Server 3.4.6
* Severity: High
* Impact: Degraded service or Denial of service
* Exploit: This problem can be triggered by sending specially crafted
  query packets
* Risk of system compromise: No
* Solution: Upgrade to a non-affected version
* Workaround: Run the Authoritative Server inside a supervisor when
  `distributor-threads` is set to `1` to prevent Denial of Service.
  No workaround for the degraded service exists

PowerDNS Authoritative Server 3.4.0-3.4.5 are affected. No other
versions are affected. The PowerDNS Recursor is not affected.

PowerDNS Authoritative Server 3.4.6 contains a fix to this issue. A
minimal patch is available [1].

This issue is entirely unrelated to Security Advisory 2015-01/CVE-2015-1868.

We'd like to thank Pyry Hakulinen and Ashish Shakla at Automattic for
finding and subsequently reporting this bug.

1 - https://downloads.powerdns.com/patches/2015-02/

--
Pieter Lexis
PowerDNS.COM BV - https://www.powerdns.com
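
A triage helper for the Affects, Solution and Workaround bullets above, added here as an example; it is not part of the advisory or of PowerDNS. The function names, result strings and sample hosts are constructed. It assumes pdns.conf uses `key=value` lines with `#` comments, and it reads "distributor-threads not set to 1" as the degraded-service case, which is an interpretation of the advisory text.

```python
import re

# Version range taken from the advisory: 3.4.0 through 3.4.5 are affected.
AFFECTED_MIN = (3, 4, 0)
AFFECTED_MAX = (3, 4, 5)


def parse_version(text):
    """Return (major, minor, patch) for a plain 'X.Y.Z' string, else None."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def parse_conf(conf_text):
    """Parse 'key=value' lines (assumed pdns.conf syntax); '#' starts a comment, last value wins."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def assess(version_text, conf_text, supervised):
    """Classify one Authoritative Server against the advisory's bullets."""
    version = parse_version(version_text)
    if version is None:
        return "unknown: version not in X.Y.Z form, check by hand"
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not affected"
    # Interpretation: the supervisor workaround only covers distributor-threads=1.
    if parse_conf(conf_text).get("distributor-threads") == "1":
        if supervised:
            return "affected: workaround in place, upgrade to 3.4.6"
        return "affected: denial of service, add a supervisor or upgrade to 3.4.6"
    return "affected: degraded service, no workaround, upgrade to 3.4.6"


# Constructed sample inventory (not real hosts): name, version, pdns.conf text, supervised?
SAMPLE_HOSTS = [
    ("ns1", "3.4.5", "launch=gmysql\ndistributor-threads=1  # one thread\n", False),
    ("ns2", "3.4.3", "launch=gmysql\ndistributor-threads=1\n", True),
    ("ns3", "3.4.2", "launch=bind\n", True),
    ("ns4", "3.4.6", "launch=bind\n", False),
]

if __name__ == "__main__":
    for name, version, conf, supervised in SAMPLE_HOSTS:
        print(f"{name} {version}: {assess(version, conf, supervised)}")
```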