Bug 1375149 (CVE-2016-5426, CVE-2016-5427)

Summary: CVE-2016-5426 CVE-2016-5427 pdns: Crafted queries can cause unexpected backend load
Product: [Other] Security Response
Component: vulnerability
Reporter: Adam Mariš <amaris>
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: ms, ruben, sander
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: pdns 3.4.10
Last Closed: 2016-09-12 10:00:07 UTC
Bug Depends On: 1375150, 1375151

Description Adam Mariš 2016-09-12 09:58:53 UTC
Two issues have been found in PowerDNS Authoritative Server allowing a remote, unauthenticated attacker to cause an abnormal load on the PowerDNS backend by sending crafted DNS queries, which might result in a partial denial of service if the backend becomes overloaded. SQL backends for example are particularly vulnerable to this kind of unexpected load if they have not been dimensioned for it.

The first issue is based on the fact that PowerDNS Authoritative Server accepts queries with a qname's length larger than 255 bytes. This issue has been assigned CVE-2016-5426.

The second issue is based on the fact that PowerDNS Authoritative Server does not properly handle dots inside labels. This issue has been assigned CVE-2016-5427.

PowerDNS Authoritative Server up to and including 3.4.9 is affected. No other versions are affected. The PowerDNS Recursor is not affected.

Upstream patch:

https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3

External References:

https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/
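
An added example, not part of the bug report or of the PowerDNS code: a Python check that walks an uncompressed wire-format QNAME and flags the two conditions described above, a name longer than 255 octets and a literal dot inside a label. The function names, finding strings and sample names are constructed for illustration.

```python
MAX_NAME = 255   # RFC 1035 limit for a whole name on the wire, length octets included
MAX_LABEL = 63   # RFC 1035 limit for a single label

def encode_name(labels):
    """Build an uncompressed wire-format name from a list of byte labels."""
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def naive_text(labels):
    """Join labels with '.' and no escaping, which loses label boundaries."""
    return b".".join(labels).decode("ascii")

def audit_qname(wire):
    """Walk an uncompressed QNAME and return (labels, findings)."""
    labels, findings, pos = [], [], 0
    while True:
        if pos >= len(wire):
            return labels, findings + ["truncated"]
        length = wire[pos]
        pos += 1
        if length == 0:                      # root label ends the name
            break
        if length > MAX_LABEL:               # compression pointer or reserved type
            return labels, findings + ["unsupported-label-type"]
        label = wire[pos:pos + length]
        if len(label) < length:
            return labels, findings + ["truncated"]
        if b"." in label and "dot-inside-label" not in findings:
            findings.append("dot-inside-label")
        labels.append(label)
        pos += length
    if pos > MAX_NAME:                       # pos now counts every octet of the name
        findings.append("name-over-255-octets")
    return labels, findings

# Constructed sample names (not taken from the advisory).
SAMPLES = {
    "plain": encode_name([b"www", b"example", b"com"]),
    "dotted-label": encode_name([b"www.example", b"com"]),
    "at-limit": encode_name([b"a" * 63] * 3 + [b"a" * 61]),
    "over-limit": encode_name([b"a" * 63] * 4),
}

if __name__ == "__main__":
    for name, wire in SAMPLES.items():
        labels, findings = audit_qname(wire)
        print(name, len(wire), naive_text(labels)[:40], findings or "ok")
```

The "plain" and "dotted-label" samples produce the same text when their labels are joined without escaping, which is why the check has to run on the wire-format labels and not on the joined string.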

Comment 1 Adam Mariš 2016-09-12 09:59:32 UTC
Created pdns tracking bugs for this issue:

Affects: fedora-23 [bug 1375150]
Affects: epel-all [bug 1375151]