[arch-security] [ASA-201701-29] powerdns: multiple issues
Arch Linux Security Advisory ASA-201701-29
==========================================

Severity: Medium
Date    : 2017-01-19
CVE-ID  : CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073
          CVE-2016-7074
Package : powerdns
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-147

Summary
=======

The package powerdns before version 4.0.2-1 is vulnerable to multiple
issues including denial of service and insufficient validation.

Resolution
==========

Upgrade to 4.0.2-1.

# pacman -Syu "powerdns>=4.0.2-1"

The problems have been fixed upstream in version 4.0.2.

Workaround
==========

None.

Description
===========

- CVE-2016-2120 (denial of service)

An issue has been found in PowerDNS Authoritative Server allowing an
authorized user to crash the server by inserting a specially crafted
record in a zone under their control and then sending a DNS query for
that record. The issue is due to an integer overflow when checking if
the content of the record matches the expected size, allowing an
attacker to cause a read past the buffer boundary.

- CVE-2016-7068 (denial of service)

An issue has been found in PowerDNS allowing a remote, unauthenticated
attacker to cause an abnormal CPU usage load on the PowerDNS server by
sending crafted DNS queries, which might result in a partial denial of
service if the system becomes overloaded. This issue is based on the
fact that the PowerDNS server parses all records present in a query
regardless of whether they are needed or even legitimate. A specially
crafted query containing a large number of records can be used to take
advantage of that behaviour.

- CVE-2016-7072 (denial of service)

An issue has been found in PowerDNS Authoritative Server allowing a
remote, unauthenticated attacker to cause a denial of service by
opening a large number of TCP connections to the web server. If the web
server runs out of file descriptors, it triggers an exception and
terminates the whole PowerDNS process. While it's more complicated for
an unauthorized attacker to make the web server run out of file
descriptors since its connection will be closed just after being
accepted, it might still be possible.

- CVE-2016-7073 (insufficient validation)

An issue has been found in PowerDNS Authoritative Server and PowerDNS
Recursor allowing an attacker in a man-in-the-middle position to alter
the content of an AXFR because of insufficient validation of TSIG
signatures. The cause is a missing check of the TSIG time and fudge
values in AXFRRetriever, leading to a possible replay attack.

- CVE-2016-7074 (insufficient validation)

An issue has been found in PowerDNS Authoritative Server and PowerDNS
Recursor allowing an attacker in a man-in-the-middle position to alter
the content of an AXFR because of insufficient validation of TSIG
signatures. The cause is a missing check that the TSIG record is the
last one, leading to the possibility of parsing records that are not
covered by the TSIG signature.

Impact
======

A remote attacker is able to perform a denial of service attack or
bypass certain verification, possibly leading to a replay attack.

References
==========

http://seclists.org/oss-sec/2017/q1/97
https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
https://security.archlinux.org/CVE-2016-2120
https://security.archlinux.org/CVE-2016-7068
https://security.archlinux.org/CVE-2016-7072
https://security.archlinux.org/CVE-2016-7073
https://security.archlinux.org/CVE-2016-7074
participants (1): Levente Polyak
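
The two AXFR checks whose absence is described under CVE-2016-7073 and CVE-2016-7074, written out as an added C++ example (not PowerDNS code and not part of the original advisory): a TSIG record must be the last record of the message, and the receiver's clock must fall within Time Signed plus or minus Fudge. The Record struct, the function names and the sample record are assumptions for illustration, and MAC verification is assumed to happen separately.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical, simplified view of one already-parsed resource record.
struct Record { uint16_t type; std::vector<uint8_t> rdata; };
enum class TsigStatus { Ok, NoTsig, NotLast, Malformed, BadTime };
constexpr uint16_t kTypeTSIG = 250;

// TSIG RDATA starts: algorithm name (uncompressed) | time signed (48 bit) | fudge (16 bit).
bool parse_tsig_times(const std::vector<uint8_t>& rd, uint64_t& t, uint16_t& fudge) {
    size_t pos = 0;
    for (;;) {                                  // skip the labels of the algorithm name
        if (pos >= rd.size()) return false;     // ran off the end of the RDATA
        uint8_t len = rd[pos++];
        if (len > 63) return false;             // compression pointers are not valid here
        if (len == 0) break;                    // root label ends the name
        pos += len;
    }
    if (rd.size() - pos < 8) return false;      // need 6 + 2 bytes (pos <= size here)
    t = 0;
    for (int i = 0; i < 6; ++i) t = (t << 8) | rd[pos + i];
    fudge = static_cast<uint16_t>((rd[pos + 6] << 8) | rd[pos + 7]);
    return true;
}

// Structural and freshness checks on one message of a transfer, before trusting its records.
TsigStatus check_tsig(const std::vector<Record>& msg, uint64_t now) {
    for (size_t i = 0; i < msg.size(); ++i) {
        if (msg[i].type != kTypeTSIG) continue;
        if (i + 1 != msg.size()) return TsigStatus::NotLast;  // later records are unsigned
        uint64_t t = 0; uint16_t fudge = 0;
        if (!parse_tsig_times(msg[i].rdata, t, fudge)) return TsigStatus::Malformed;
        uint64_t delta = now > t ? now - t : t - now;         // unsigned-safe |now - t|
        return delta <= fudge ? TsigStatus::Ok : TsigStatus::BadTime;  // stale = replay risk
    }
    return TsigStatus::NoTsig;  // caller decides whether an unsigned message is acceptable
}

// Constructed sample: TSIG record with algorithm name "hmac-sha256." and MAC size 0.
Record sample_tsig(uint64_t t, uint16_t fudge) {
    std::vector<uint8_t> rd = {11,'h','m','a','c','-','s','h','a','2','5','6',0};
    for (int i = 5; i >= 0; --i) rd.push_back(static_cast<uint8_t>(t >> (8 * i)));
    rd.push_back(static_cast<uint8_t>(fudge >> 8)); rd.push_back(static_cast<uint8_t>(fudge & 0xff));
    rd.push_back(0); rd.push_back(0);
    return Record{kTypeTSIG, rd};
}

int main() { return check_tsig({sample_tsig(1000, 300)}, 1200) == TsigStatus::Ok ? 0 : 1; }
```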