Date: Mon, 11 Dec 2017 13:34:31 +0100
From: Remi Gacogne <remi.gacogne@...erdns.com>
To: oss-security@...ts.openwall.com
Subject: PowerDNS Security Advisory 2017-08

Hello everybody,

We just released PowerDNS Recursor 4.0.8, fixing a security issue
(CVE-2017-15120) affecting PowerDNS Recursor from 4.0.0 up to and
including 4.0.7. PowerDNS Recursor 3.7.4 and 4.1.0 are not affected. The
full security advisory can be found below and at
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-08.html

The issue is a parsing error while handling authoritative answers
containing a CNAME of a different class than IN, leading to a recursor
crash via a NULL-pointer dereference. We don't believe this crash to be
exploitable, but it results in an unauthenticated remote denial of
service which can be mitigated by running the recursor inside a
supervisor like supervisord or systemd so it can be automatically restarted.

We also provide a minimal patch for the 4.0.7 release at
https://downloads.powerdns.com/patches/2017-08/

Please feel free to contact me directly if you have any questions.

Best regards,


Remi and the PowerDNS team

PowerDNS Security Advisory 2017-08: Crafted CNAME answer can cause a denial of service
======================================================================================

-  CVE: CVE-2017-15120
-  Date: December 11th 2017
-  Credit: Toshifumi Sakaguchi
-  Affects: PowerDNS Recursor from 4.0.0 up to and including 4.0.7
-  Not affected: PowerDNS Recursor 3.7.4, 4.0.8, 4.1.0
-  Severity: High
-  Impact:  Denial of service
-  Exploit: This problem can be triggered by an authoritative server
   sending a crafted CNAME answer with a class other than IN to the
   Recursor.
-  Risk of system compromise: No
-  Solution: Upgrade to a non-affected version
-  Workaround: run the process inside a supervisor like supervisord or
   systemd

An issue has been found in the parsing of authoritative answers in
PowerDNS Recursor, leading to a NULL pointer dereference when parsing a
specially crafted answer containing a CNAME of a different class than IN.
This issue has been assigned CVE-2017-15120.

When the PowerDNS Recursor is run inside a supervisor like supervisord
or systemd, it will be automatically restarted, limiting the impact to
somewhat degraded service.

PowerDNS Recursor from 4.0.0 up to and including 4.0.7 are affected.

For those unable to upgrade to a new version, a minimal patch is
`available <https://downloads.powerdns.com/patches/2017-08>`__

We would like to thank Toshifumi Sakaguchi for finding and subsequently
reporting this issue.
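
The supervisor workaround described in the advisory, written as a systemd
drop-in. This is an added example, not part of the original advisory or of
PowerDNS's packaging; the unit name pdns-recursor.service and the drop-in path
are assumptions, so adjust them to your installation.

```ini
# /etc/systemd/system/pdns-recursor.service.d/restart.conf
# Assumed unit name: pdns-recursor.service (check with "systemctl list-units").

[Unit]
# A remote party can trigger the crash repeatedly. With systemd's default
# start rate limit, a burst of crashes puts the unit into a permanent
# "failed" state and the restarts stop. Setting the interval to 0 disables
# that limit so the recursor always comes back.
# On systemd older than 230, use StartLimitInterval=0 in [Service] instead.
StartLimitIntervalSec=0

[Service]
# Restart after an abnormal exit (signal, core dump, non-zero exit code),
# but not after a clean "systemctl stop".
Restart=on-failure
# Wait between restarts so a crash loop does not spin the CPU.
RestartSec=1
```

Run `systemctl daemon-reload` and restart the service for the drop-in to take
effect. Each restart starts the recursor with an empty cache, so alert on
repeated restarts in the journal rather than treating the supervisor as a fix.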



