Bug 1483870 (CVE-2016-7069) - CVE-2016-7069 dnsdist: Crafted backend responses can cause a denial of service
Summary: CVE-2016-7069 dnsdist: Crafted backend responses can cause a denial of service
Status: CLOSED CURRENTRELEASE
Alias: CVE-2016-7069
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20170821,reported=2...
Keywords: Security
Depends On: 1483872 1483873
Blocks:
Reported: 2017-08-22 07:38 UTC by Adam Mariš
Modified: 2019-06-08 22:14 UTC
Last Closed: 2018-05-31 13:42:21 UTC

Description Adam Mariš 2017-08-22 07:38:32 UTC
An issue has been found in dnsdist in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger undefined behavior leading to a crash.

dnsdist up to and including 1.1.0 is affected on 32-bit systems. dnsdist 1.2.0 is not affected; dnsdist on 64-bit systems is not affected.

Reference:

https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html
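
The bug class described above, as an added example (not dnsdist's code and not part of the original report): a C routine that locates the OPT record in a DNS response using offsets and remaining-length comparisons, so no out-of-range pointer is ever formed and no bounds check can wrap in a 32-bit address space. The function names, return convention and sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed sample: response for "example.com A" with one OPT RR (ECS). */
const uint8_t sample_response[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,0, 0,0, 0,1,                  /* header, ARCOUNT=1 */
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1, /* question */
    0, 0,41, 0x10,0, 0,0,0,0, 0,11, 0,8, 0,7, 0,1, 24,0, 192,0,2 }; /* OPT, ECS /24 */
static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Skip an encoded name at pos; returns the next offset, or 0 if malformed. */
static size_t skip_name(const uint8_t *pkt, size_t len, size_t pos) {
    while (pos < len) {
        size_t l = pkt[pos];
        if (l == 0) return pos + 1;                                  /* root label */
        if ((l & 0xC0) == 0xC0) return len - pos >= 2 ? pos + 2 : 0; /* pointer */
        if ((l & 0xC0) || l >= len - pos) return 0;      /* bad type or overrun */
        pos += 1 + l;
    }
    return 0;
}

/* Returns 1 and sets *off and *rrlen if an OPT RR is found, 0 if none, -1 if malformed. */
int find_opt_rr(const uint8_t *pkt, size_t len, size_t *off, size_t *rrlen) {
    if (len < 12) return -1;
    size_t qd = rd16(pkt + 4), pos = 12;
    size_t rrs = rd16(pkt + 6) + rd16(pkt + 8) + rd16(pkt + 10);
    for (size_t i = 0; i < qd; i++, pos += 4) {
        pos = skip_name(pkt, len, pos);
        if (pos == 0 || len - pos < 4) return -1;        /* QTYPE + QCLASS */
    }
    for (size_t i = 0; i < rrs; i++) {
        size_t start = pos;
        pos = skip_name(pkt, len, pos);
        if (pos == 0 || len - pos < 10) return -1;       /* fixed RR fields */
        size_t type = rd16(pkt + pos), rdlen = rd16(pkt + pos + 8);
        pos += 10;
        if (rdlen > len - pos) return -1;  /* compare lengths, not ptr + rdlen vs end */
        pos += rdlen;
        if (type == 41) { *off = start; *rrlen = pos - start; return 1; }
    }
    return 0;
}

int main(void) {
    size_t off = 0, n = 0;
    int r = find_opt_rr(sample_response, sizeof sample_response, &off, &n);
    return printf("result=%d offset=%zu length=%zu\n", r, off, n) < 0;
}
```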

Comment 1 Adam Mariš 2017-08-22 07:39:09 UTC
Created dnsdist tracking bugs for this issue:

Affects: epel-7 [bug 1483873]
Affects: fedora-all [bug 1483872]

Comment 2 Ruben Kerkhof 2018-05-31 13:42:21 UTC
This was fixed in dnsdist-1.2.0-1.el7 and dnsdist-1.2.0-1.fc26
