Bug 1483870 (CVE-2016-7069) - CVE-2016-7069 dnsdist: Crafted backend responses can cause a denial of service
Summary: CVE-2016-7069 dnsdist: Crafted backend responses can cause a denial of service
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2016-7069
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1483872 1483873
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-08-22 07:38 UTC by Adam Mariš
Modified: 2019-09-29 14:19 UTC (History)
2 users (show)

Fixed In Version: dnsdist 1.2.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-05-31 13:42:21 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2017-08-22 07:38:32 UTC 
An issue has been found in dnsdist in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash.

dnsdist up to and including 1.1.0 is affected on 32-bit systems. dnsdist 1.2.0 is not affected, dnsdist on 64-bit systems is not affected.

Reference:

https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html
Comment 1 Adam Mariš 2017-08-22 07:39:09 UTC 
Created dnsdist tracking bugs for this issue:

Affects: epel-7 [bug 1483873]
Affects: fedora-all [bug 1483872]
Comment 2 Ruben Kerkhof 2018-05-31 13:42:21 UTC 
This was fixed in dnsdist-1.2.0-1.el7 and dnsdist-1.2.0-1.fc26
Note You need to log in before you can comment on or make changes to this bug.