[ASA-201903-13] powerdns: insufficient validation

Remi Gacogne rgacogne at archlinux.org
Fri Mar 22 22:14:46 UTC 2019


Arch Linux Security Advisory ASA-201903-13
==========================================

Severity: High
Date    : 2019-03-22
CVE-ID  : CVE-2019-3871
Package : powerdns
Type    : insufficient validation
Remote  : Yes
Link    : https://security.archlinux.org/AVG-927

Summary
=======

The package powerdns before version 4.1.7-1 is vulnerable to
insufficient validation.

Resolution
==========

Upgrade to 4.1.7-1.

# pacman -Syu "powerdns>=4.1.7-1"

The problem has been fixed upstream in version 4.1.7.

Workaround
==========

None.

Description
===========

An issue has been found in PowerDNS Authoritative Server before 4.1.7,
when the HTTP remote backend is used in RESTful mode (without post=1
set), allowing a remote user to cause the HTTP backend to connect to an
attacker-specified host instead of the configured one, via a crafted
DNS query. This can be used to cause a denial of service by preventing
the remote backend from getting a response, content spoofing if the
attacker can time its own query so that subsequent queries will use an
attacker-controlled HTTP server instead of the configured one, and
possibly information disclosure if the Authoritative Server has access
to internal servers.

Impact
======

A remote user can cause a denial of service by preventing the remote
backend from getting a response, content spoofing if the attacker can
time its own query so that subsequent queries will use an attacker-
controlled HTTP server instead of the configured one, and possibly
information disclosure if the Authoritative Server has access to
internal servers.

References
==========

https://seclists.org/oss-sec/2019/q1/185
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
https://github.com/PowerDNS/pdns/issues/7573
https://github.com/PowerDNS/pdns/pull/7577
https://security.archlinux.org/CVE-2019-3871

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20190322/b27ef161/attachment.sig>


More information about the arch-security mailing list