Bug 1413517 (CVE-2016-2120) - CVE-2016-2120 pdns: crafted zone record can cause a denial of service
Summary: CVE-2016-2120 pdns: crafted zone record can cause a denial of service
Status: NEW
Alias: CVE-2016-2120
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20170115,repor...
Keywords: Security
Depends On: 1413518 1413519 1413520 1413521
Blocks:
Reported: 2017-01-16 09:31 UTC by Andrej Nemec
Modified: 2018-10-31 19:25 UTC

Description Andrej Nemec 2017-01-16 09:31:18 UTC
An issue has been found in PowerDNS Authoritative Server allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.


References:
https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
http://seclists.org/oss-sec/2017/q1/97
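
The bug class described above (a size check whose arithmetic wraps, so an oversized declared length is accepted) shown next to an overflow-safe check. This is an added illustration, not PowerDNS code: the record layout (4-byte big-endian length, then payload), the function names and the sample buffers are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical layout (assumption, not PowerDNS's): 4-byte big-endian
   length, followed by that many payload bytes. */
#define HDR 4u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Flawed check: HDR + len is computed in 32 bits and can wrap around to a
   small value, so a huge declared length passes. Returns 1 if accepted.
   Only the decision is returned; no read is performed here. */
int accepts_wrapping(const uint8_t *buf, uint32_t size) {
    if (size < HDR) return 0;
    uint32_t len = be32(buf);
    return (uint32_t)(HDR + len) <= size;
}

/* Hardened check: compare len with the space that remains. The
   subtraction cannot underflow because size >= HDR was checked first. */
int accepts_safe(const uint8_t *buf, uint32_t size) {
    if (size < HDR) return 0;
    uint32_t len = be32(buf);
    return len <= size - HDR;
}

/* Copies the payload only when the hardened check passes.
   Returns the number of bytes copied, or -1 if the record is rejected. */
long read_payload(const uint8_t *buf, uint32_t size,
                  uint8_t *out, uint32_t out_cap) {
    if (!accepts_safe(buf, size)) return -1;
    uint32_t len = be32(buf);
    if (len > out_cap) return -1;
    memcpy(out, buf + HDR, len);
    return (long)len;
}

/* Constructed samples: a well-formed record, and one whose declared
   length (0xFFFFFFFE) makes HDR + len wrap to 2. */
const uint8_t SAMPLE_OK[]  = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
const uint8_t SAMPLE_BAD[] = {0xFF, 0xFF, 0xFF, 0xFE, 'a', 'b', 'c'};
```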

Comment 1 Andrej Nemec 2017-01-16 09:32:35 UTC
Created pdns tracking bugs for this issue:

Affects: fedora-all [bug 1413518]
Affects: epel-all [bug 1413520]

Comment 2 Andrej Nemec 2017-01-16 09:32:40 UTC
Created pdns-recursor tracking bugs for this issue:

Affects: fedora-all [bug 1413519]
Affects: epel-all [bug 1413521]

