Bug 772581 - PowerDNS DoS Vulnerability
Summary: PowerDNS DoS Vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pdns
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Ruben Kerkhof
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-01-09 10:22 UTC by Ruben Kerkhof
Modified: 2012-02-10 21:54 UTC (History)
2 users (show)

Fixed In Version: pdns-2.9.22.6-1.fc15
Clone Of:
Environment:
Last Closed: 2012-01-19 01:28:07 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Ruben Kerkhof 2012-01-09 10:22:24 UTC
Description of problem:

From http://mailman.powerdns.com/pipermail/pdns-announce/2012-January/000151.html:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear PowerDNS users,

Tomorrow (Tuesday the 10th of January) at 9AM eastern time, 15:00 Central
European Time, we will be releasing an important PowerDNS Security Advisory.

This Advisory contains details of a Denial of Service issue within all
currently used versions of the PowerDNS Authoritative Server.

We will be releasing:
	* A configuration based workaround, which might have a performance
	  penalty

	* An iptables based workaround

	* Versions 2.9.22.5 and 3.0.1 of the Authoritative Server
		As source code
		Packages (static 32 bit and 64 bit for Debian and RPM based
		Linux distributions)

	* A one-line patch that solves the issue for source based users

	* Complete details of the problem

The denial of service attack is temporary in nature, but can be performed
using limited resources. There is no risk of a system compromise because of
this attack.

This pre-announcement is made to allow operators to schedule a maintenance
window to possibly upgrade or modify their systems.

If you anticipate requiring help upgrading your affected systems, please
contact powerdns.support at netherlabs.nl.

Some more details:
CVE: CVE-2012-0206
Date: 10th of January 2012

Affects: Most PowerDNS Authoritative Server versions < 3.0.1 (with the 
exception of 2.9.22.5)

Not affected: No versions of the PowerDNS Recursor ('pdns_recursor') are
affected.

Severity: High
Impact: Temporary denial of service
Exploit: Proof of concept
Risk of system compromise: No
Solution: Upgrade to PowerDNS Recursor 2.9.22.5 or 3.0.1
Workaround: Several

Kind regards,

Bert Hubert
Netherlabs
- -- 
PowerDNS Website: http://www.powerdns.com/
PowerDNS Community Website: http://wiki.powerdns.com/
PowerDNS Support & Development is provided by Netherlabs Computer Consulting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk8Kls4ACgkQHF7pkNLnFXXdNwCgiWBvUnrlFbwkVDD30q691noQ
qzMAn3cuNd/ErnTqudniE8M/fFYmW56Y
=wRvu
-----END PGP SIGNATURE-----

Comment 1 Kurt Seifried 2012-01-10 01:49:10 UTC

*** This bug has been marked as a duplicate of bug 772570 ***

Comment 2 Fedora Update System 2012-01-10 13:26:45 UTC
pdns-2.9.22.5-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/pdns-2.9.22.5-1.fc15

Comment 3 Fedora Update System 2012-01-10 13:27:49 UTC
pdns-3.0.1-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/pdns-3.0.1-1.fc16

Comment 4 Fedora Update System 2012-01-11 05:58:17 UTC
Package pdns-3.0.1-1.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pdns-3.0.1-1.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-0263/pdns-3.0.1-1.fc16
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2012-01-19 01:28:07 UTC
pdns-3.0.1-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2012-02-02 11:17:45 UTC
pdns-2.9.22.6-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/pdns-2.9.22.6-1.fc15

Comment 7 Fedora Update System 2012-02-10 21:54:13 UTC
pdns-2.9.22.6-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.