Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 9 May 2018 10:15:31 +0200
From: Remi Gacogne <remi.gacogne@...erdns.com>
To: oss-security@...ts.openwall.com
Subject: PowerDNS Security Advisory 2018-02

Hello everybody,

We released PowerDNS Authoritative 4.1.2 yesterday, fixing a security
issue (CVE-2018-1046) affecting the dnsreplay tool included with it.
Versions of dnsreplay from 4.0.0 up to and including 4.1.1 are
vulnerable. The full security advisory can be found below and at
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html

The issue is a stack-based buffer overflow occurring when replaying a
specially crafted PCAP file with the `--ecs-stamp` option enabled,
leading to a denial of service or potentially arbitrary code execution.
Regardless of this issue, we do not advise the use of dnsreplay with
untrusted PCAP files.

The commit fixing the issue can be found here:
https://github.com/PowerDNS/pdns/commit/f9c57c98da1b1007a51680629b667d57d9b702b8

We would like to thank Wei Hao for finding and subsequently reporting
this issue.

Please feel free to contact me directly if you have any question.

Best regards,

Remi and the PowerDNS team


PowerDNS Security Advisory 2018-02: Buffer overflow in dnsreplay
================================================================

-  CVE: CVE-2018-1046
-  Date: May 8th 2018
-  Credit: Wei Hao
-  Affects: dnsreplay from 4.0.0 up to and including 4.1.1
-  Not affected: dnsreplay 3.4.11, 4.1.2
-  Severity: High
-  Impact: Arbitrary code execution
-  Exploit: This problem can be triggered via a crafted PCAP file
-  Risk of system compromise: Yes
-  Solution: Upgrade to a non-affected version

An issue has been found in the dnsreplay tool provided with PowerDNS
Authoritative, where replaying a specially crafted PCAP file can trigger
a stack-based buffer overflow, leading to a crash and potentially
arbitrary code execution. This buffer overflow only occurs when the
`--ecs-stamp` option of dnsreplay is used. Regardless of this issue, the
use of dnsreplay with untrusted PCAP files is not advised.
This issue has been assigned CVE-2018-1046 by Red Hat.

PowerDNS Authoritative from 4.0.0 up to and including 4.1.1 is affected.

We would like to thank Wei Hao for finding and subsequently reporting
this issue.



Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.