[ASA-201805-1] powerdns: arbitrary code execution
Jelle van der Waa
jelle at archlinux.org
Wed May 9 19:05:35 UTC 2018
Arch Linux Security Advisory ASA-201805-1
Date : 2018-05-09
CVE-ID : CVE-2018-1046
Package : powerdns
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-686
The package powerdns before version 4.1.2-1 is vulnerable to arbitrary
Upgrade to 4.1.2-1.
# pacman -Syu "powerdns>=4.1.2-1"
The problem has been fixed upstream in version 4.1.2.
An issue has been found in the dnsreplay tool provided with PowerDNS
Authoritative, where replaying a specially crafted PCAP file can
trigger a stack based buffer overflow, leading to a crash and
potentially arbitrary code execution. This buffer overflow only occurs
when the --ecs-stamp option of dnsreplay is used. Regardless of this
issue, the use of dnsreplay with untrusted PCAP files is not advised.
A local attacker is able to cause a denial of service or execute
arbitrary code via a specially crafted PCAP file.
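The two exposure conditions stated above (package older than 4.1.2-1, dnsreplay run with --ecs-stamp) written as a shell check. This is an added example, not part of the original advisory; the function names, the sort -V fallback and the sample command lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: exposure check for ASA-201805-1 (not from the advisory).
FIXED="4.1.2-1"   # first fixed Arch package version, per the advisory

# True (0) if package version $1 is older than $FIXED.
pdns_is_vulnerable() {
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1.
        [ "$(vercmp "$1" "$FIXED")" -lt 0 ]
        return
    fi
    # Fallback off Arch: GNU sort -V (an approximation of pacman ordering).
    [ "$1" != "$FIXED" ] || return 1
    [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$1" ]
}

# True (0) if command line $1 runs dnsreplay with --ecs-stamp, the only
# option under which the advisory says the overflow occurs.
uses_ecs_stamp() {
    case "$1" in
        *dnsreplay*--ecs-stamp*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify one (package version, command line) pair.
classify() {
    if ! pdns_is_vulnerable "$1"; then
        echo "fixed"
    elif uses_ecs_stamp "$2"; then
        echo "vulnerable: overflow path reachable (--ecs-stamp)"
    else
        echo "vulnerable: upgrade, --ecs-stamp not used here"
    fi
}

# Constructed sample command lines (file name and address are made up).
classify "4.1.1-1" "dnsreplay --ecs-stamp capture.pcap 192.0.2.53"
classify "4.1.1-1" "dnsreplay capture.pcap 192.0.2.53"
classify "4.1.2-1" "dnsreplay --ecs-stamp capture.pcap 192.0.2.53"

# On an Arch host, classify the installed package as well.
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q powerdns 2>/dev/null | awk '{print $2}')
    if [ -n "$installed" ]; then classify "$installed" ""; fi
fi
```

Feed uses_ecs_stamp from wherever dnsreplay invocations are recorded on the host (cron jobs, wrapper scripts, shell history); avoiding untrusted PCAP files remains the advisory's recommendation regardless of the result.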