1213377 – (CVE-2015-1868) CVE-2015-1868 pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms

Bug 1213377 (CVE-2015-1868) - CVE-2015-1868 pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms

Summary: CVE-2015-1868 pdns: Label decompression bug in PowerDNS can cause crashes on ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-1868
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1213832 1214703
Blocks:
TreeView+	depends on / blocked

Reported:	2015-04-20 12:28 UTC by Vasyl Kaigorodov
Modified:	2021-02-17 05:22 UTC (History)
CC List:	5 users (show)
Fixed In Version:	PowerDNS Recursor 3.6.3, PowerDNS Recursor 3.7.2, PowerDNS Authoritative Server 3.4.4
Clone Of:
Environment:
Last Closed:	2016-06-10 20:34:36 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vasyl Kaigorodov 2015-04-20 12:28:23 UTC

PowerDNS project has reported the following issue in PowerDNS:
"""
A bug was discovered in our label decompression code, making it possible for
names to refer to themselves, thus causing a loop during decompression. This
loop is capped at a 1000 iterations by a failsafe, making the issue harmless
on most platforms.

However, on specific platforms , the recursion involved in these 1000 steps causes memory
corruption leading to a quick crash, presumably because the default stack is
too small.

We recommend that all users upgrade to a corrected version if at all possible.
Alternatively, if you want to apply a minimal fix to your own tree, it can be
found in two parts:
https://github.com/PowerDNS/pdns/commit/adb10be102ddd4d2baf7a8adbb5673946fe5e555
https://github.com/PowerDNS/pdns/commit/3ec3e0fc71bc89ac41c7e6d8cd3f323f25233881
These should be trivial to backport to older versions by hand.

As for workarounds, only clients in allow-from are able to trigger the
degraded service, so this should be limited to your userbase; further,  we
recommend running your critical services under supervision such as systemd,
supervisord, daemontools, etc.
"""

Acknowledements:

Red Hat would like to thank the PowerDNS upstream project for reporting this issue. Upstream acknowledges Aki Tuomi as the original reporter.

Comment 1 Martin Prpič 2015-04-23 12:19:11 UTC

Created pdns tracking bugs for this issue:

Affects: fedora-all [bug 1214703]
Affects: epel-5 [bug 1213832]

Comment 2 Martin Prpič 2015-04-23 12:23:15 UTC

External References:

https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/

Comment 3 Fedora Update System 2015-04-29 19:17:17 UTC

pdns-recursor-3.7.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2015-04-29 19:17:25 UTC

pdns-recursor-3.7.2-1.el7 has been pushed to the Fedora EPEL 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2015-04-29 19:17:39 UTC

pdns-3.3.1-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2015-04-29 19:20:36 UTC

pdns-recursor-3.6.3-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2015-04-29 19:20:43 UTC

pdns-3.4.4-1.el7 has been pushed to the Fedora EPEL 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2015-04-30 11:39:20 UTC

pdns-recursor-3.7.2-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2015-04-30 11:40:16 UTC

pdns-recursor-3.7.2-1.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2015-04-30 11:41:41 UTC

pdns-3.3.1-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2015-04-30 11:43:37 UTC

pdns-3.4.4-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2015-04-30 11:46:07 UTC

pdns-recursor-3.7.2-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2015-04-30 11:48:18 UTC

pdns-3.4.4-1.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.