Bug 772581

Summary: PowerDNS DoS Vulnerability
Product: [Fedora] Fedora
Reporter: Ruben Kerkhof <ruben>
Component: pdns
Assignee: Ruben Kerkhof <ruben>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: kseifried, ruben
Target Milestone: ---
Keywords: Reopened, Security
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: pdns-2.9.22.6-1.fc15
Doc Type: Bug Fix
Last Closed: 2012-01-19 01:28:07 UTC

Description Ruben Kerkhof 2012-01-09 10:22:24 UTC
Description of problem:

From http://mailman.powerdns.com/pipermail/pdns-announce/2012-January/000151.html:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear PowerDNS users,

Tomorrow (Tuesday the 10th of January) at 9AM eastern time, 15:00 Central
European Time, we will be releasing an important PowerDNS Security Advisory.

This Advisory contains details of a Denial of Service issue within all
currently used versions of the PowerDNS Authoritative Server.

We will be releasing:
	* A configuration based workaround, which might have a performance
	  penalty

	* An iptables based workaround

	* Versions 2.9.22.5 and 3.0.1 of the Authoritative Server
		As source code
		Packages (static 32 bit and 64 bit for Debian and RPM based
		Linux distributions)

	* A one-line patch that solves the issue for source based users

	* Complete details of the problem

The denial of service attack is temporary in nature, but can be performed
using limited resources. There is no risk of a system compromise because of
this attack.

This pre-announcement is made to allow operators to schedule a maintenance
window to possibly upgrade or modify their systems.

If you anticipate requiring help upgrading your affected systems, please
contact powerdns.support at netherlabs.nl.

Some more details:
CVE: CVE-2012-0206
Date: 10th of January 2012

Affects: Most PowerDNS Authoritative Server versions < 3.0.1 (with the 
exception of 2.9.22.5)

Not affected: No versions of the PowerDNS Recursor ('pdns_recursor') are
affected.

Severity: High
Impact: Temporary denial of service
Exploit: Proof of concept
Risk of system compromise: No
Solution: Upgrade to PowerDNS Recursor 2.9.22.5 or 3.0.1
Workaround: Several

Kind regards,

Bert Hubert
Netherlabs
- -- 
PowerDNS Website: http://www.powerdns.com/
PowerDNS Community Website: http://wiki.powerdns.com/
PowerDNS Support & Development is provided by Netherlabs Computer Consulting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk8Kls4ACgkQHF7pkNLnFXXdNwCgiWBvUnrlFbwkVDD30q691noQ
qzMAn3cuNd/ErnTqudniE8M/fFYmW56Y
=wRvu
-----END PGP SIGNATURE-----

Comment 1 Kurt Seifried 2012-01-10 01:49:10 UTC

*** This bug has been marked as a duplicate of bug 772570 ***

Comment 2 Fedora Update System 2012-01-10 13:26:45 UTC
pdns-2.9.22.5-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/pdns-2.9.22.5-1.fc15

Comment 3 Fedora Update System 2012-01-10 13:27:49 UTC
pdns-3.0.1-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/pdns-3.0.1-1.fc16

Comment 4 Fedora Update System 2012-01-11 05:58:17 UTC
Package pdns-3.0.1-1.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pdns-3.0.1-1.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-0263/pdns-3.0.1-1.fc16
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2012-01-19 01:28:07 UTC
pdns-3.0.1-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2012-02-02 11:17:45 UTC
pdns-2.9.22.6-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/pdns-2.9.22.6-1.fc15

Comment 7 Fedora Update System 2012-02-10 21:54:13 UTC
pdns-2.9.22.6-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.