|
Message-ID: <6a293bd2-77f7-4ce0-a5ba-f9fb32985086@powerdns.com>
Date: Wed, 9 May 2018 10:15:31 +0200
From: Remi Gacogne <remi.gacogne@...erdns.com>
To: oss-security@...ts.openwall.com
Subject: PowerDNS Security Advisory 2018-02
Hello everybody,
We released PowerDNS Authoritative 4.1.2 yesterday, fixing a security
issue (CVE-2018-1046) affecting the dnsreplay tool included with it.
Versions of dnsreplay from 4.0.0 up to and including 4.1.1 are
vulnerable. The full security advisory can be found below and at
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html
The issue is a stack-based buffer overflow occurring when replaying a
specially crafted PCAP file with the `--ecs-stamp` option enabled,
leading to a denial of service or potentially arbitrary code execution.
Regardless of this issue, we do not advise the use of dnsreplay with
untrusted PCAP files.
The commit fixing the issue can be found here:
https://github.com/PowerDNS/pdns/commit/f9c57c98da1b1007a51680629b667d57d9b702b8
We would like to thank Wei Hao for finding and subsequently reporting
this issue.
Please feel free to contact me directly if you have any question.
Best regards,
Remi and the PowerDNS team
PowerDNS Security Advisory 2018-02: Buffer overflow in dnsreplay
================================================================
- CVE: CVE-2018-1046
- Date: May 8th 2018
- Credit: Wei Hao
- Affects: dnsreplay from 4.0.0 up to and including 4.1.1
- Not affected: dnsreplay 3.4.11, 4.1.2
- Severity: High
- Impact: Arbitrary code execution
- Exploit: This problem can be triggered via a crafted PCAP file
- Risk of system compromise: Yes
- Solution: Upgrade to a non-affected version
An issue has been found in the dnsreplay tool provided with PowerDNS
Authoritative, where replaying a specially crafted PCAP file can trigger
a stack-based buffer overflow, leading to a crash and potentially
arbitrary code execution. This buffer overflow only occurs when the
`--ecs-stamp` option of dnsreplay is used. Regardless of this issue, the
use of dnsreplay with untrusted PCAP files is not advised.
This issue has been assigned CVE-2018-1046 by Red Hat.
PowerDNS Authoritative from 4.0.0 up to and including 4.1.1 is affected.
We would like to thank Wei Hao for finding and subsequently reporting
this issue.
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.