Florian Weimer
2008-Dec-03 17:39 UTC
[Secure-testing-team] Minor PowerDNS DoS (CVE-2008-5277)
Hi,

version 2.9.21.1.0-1 fixed a minor denial of service condition in
pdns-server. It's currently not in testing. Please arrange for a
transition of the unstable version, or use the patch below I prepared
for the version etch.

It appears that we don't need a fix for etch because this version has
a different HINFO parser which does not run into this issue. At least
I couldn't reproduce it over there.

Thanks,
Florian

diff --git a/debian/changelog b/debian/changelog index fea5f1a..948d498 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +pdns (2.9.20-8+etch2) stable-security; urgency=high + + * Fix minor denial of service in CH/HINFO processing (CVE-2008-5277) + + -- Florian Weimer <fw at deneb.enyo.de> Wed, 03 Dec 2008 16:48:01 +0100 + pdns (2.9.20-8+etch1) stable-security; urgency=high * Fixes security issue CVE-2008-3337 as announced in diff --git a/debian/patches/00list b/debian/patches/00list index 990611a..43876a4 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -9,3 +9,4 @@ fix-unaligned-access auto-soa-calculation-in-ldapbackend literal-zone-file.dpatch cve-2008-3337.dpatch +fix-hinfo-dos.dpatch diff --git a/debian/patches/fix-hinfo-dos.dpatch b/debian/patches/fix-hinfo-dos.dpatch new file mode 100755 index 0000000..d67b2c5 --- /dev/null +++ b/debian/patches/fix-hinfo-dos.dpatch 
@@ -0,0 +1,54 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## fix-hinfo-dos.dpatch by Daniel Drown <dan-pdns at drown.org> +## +## DP: Fix HINFO minor DoS (CVE-2008-5277) + + at DPATCH@ +diff -urNad git~/pdns/packethandler.cc git/pdns/packethandler.cc +--- git~/pdns/packethandler.cc 2008-12-03 16:42:24.000000000 +0100 ++++ git/pdns/packethandler.cc 2008-12-03 16:45:57.000000000 +0100 +@@ -180,23 +180,6 @@ + return 0; + } + +-int PacketHandler::doDNSCheckRequest(DNSPacket *p, DNSPacket *r, string &target) +-{ +- int result = 0; +- DNSResourceRecord rr; +- +- if (p->qclass == 3 && p->qtype.getName() == "HINFO") { +- rr.content = "PowerDNS $Id: packethandler.cc 539 2005-11-11 11:17:47Z ahu $"; +- rr.ttl = 5; +- rr.qname=target; +- rr.qtype=13; // hinfo +- r->addRecord(rr); +- result = 1; +- } +- +- return result; +-} +- + /** This catches version requests. Returns 1 if it was handled, 0 if it wasn''t */ + int PacketHandler::doVersionRequest(DNSPacket *p, DNSPacket *r, string &target) + { +@@ -616,9 +599,6 @@ + string target=p->qdomain; + bool noCache=false; + +- if (doDNSCheckRequest(p, r, target)) +- goto sendit; +- + if(doVersionRequest(p,r,target)) // catch version.bind requests + goto sendit; + +diff -urNad git~/pdns/packethandler.hh git/pdns/packethandler.hh +--- git~/pdns/packethandler.hh 2008-12-03 16:42:24.000000000 +0100 ++++ git/pdns/packethandler.hh 2008-12-03 16:45:57.000000000 +0100 +@@ -88,7 +88,6 @@ + int findMboxFW(DNSPacket *p, DNSPacket *r, string &target); + int findUrl(DNSPacket *p, DNSPacket *r, string &target); + int doFancyRecords(DNSPacket *p, DNSPacket *r, string &target); +- int doDNSCheckRequest(DNSPacket *p, DNSPacket *r, string &target); + int doVersionRequest(DNSPacket *p, DNSPacket *r, string &target); + bool getAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId); + bool getTLDAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId);
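Review bot: The new debian/changelog entry for 2.9.20-8+etch2 says only "Fix minor denial of service in CH/HINFO processing" and does not record that the fix works by removing the doDNSCheckRequest handler, so a query with qclass 3 and qtype HINFO no longer receives the synthesized "PowerDNS $Id$" record. Suggest a second bullet naming fix-hinfo-dos.dpatch and stating that behaviour change, so administrators reading the changelog know the check response is gone. The entry targets etch via stable-security while the cover message says a fix does not appear to be needed for etch; please confirm which release this upload is meant for.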
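Review bot: The "## DP:" description in fix-hinfo-dos.dpatch reads "Fix HINFO minor DoS (CVE-2008-5277)", but the patch repairs nothing in place: it deletes PacketHandler::doDNSCheckRequest from packethandler.cc, its declaration from packethandler.hh, and the call that preceded doVersionRequest. Suggest extending the DP text to say the handler is removed rather than corrected, and noting which path now answers a qclass 3 HINFO query, since after this change such a query falls through to doVersionRequest and the normal lookup. The definition, declaration and single visible call site are removed consistently; a quick grep of the tree for other callers of doDNSCheckRequest before upload would confirm nothing else references it.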
Hi,
* Florian Weimer <fw at deneb.enyo.de> [2008-12-03 19:20]:
> version 2.9.21.1.0-1 fixed a minor denial of service condition in
> pdns-server. It's currently not in testing. Please arrange for a
> transition of the unstable version, or use the patch below I prepared
> for the version etch.
[...]

[nion at coredump:~$] rmadison pdns-server
pdns-server | 2.9.20-8 | etch-m68k | m68k
pdns-server | 2.9.20-8+etch1 | stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
pdns-server | 2.9.21.1.0-1 | testing | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
pdns-server | 2.9.21.2-1 | unstable | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc

2.9.21.1.0-1 is in testing.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Florian Weimer
2008-Dec-03 19:36 UTC
[Secure-testing-team] Minor PowerDNS DoS (CVE-2008-5277)
* Nico Golde:

> Hi,
> * Florian Weimer <fw at deneb.enyo.de> [2008-12-03 19:20]:
>> version 2.9.21.1.0-1 fixed a minor denial of service condition in
>> pdns-server. It's currently not in testing. Please arrange for a
>> transition of the unstable version, or use the patch below I prepared
>> for the version etch.
> [...]
> [nion at coredump:~$] rmadison pdns-server
> pdns-server | 2.9.20-8 | etch-m68k | m68k
> pdns-server | 2.9.20-8+etch1 | stable | alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
> pdns-server | 2.9.21.1.0-1 | testing | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
> pdns-server | 2.9.21.2-1 | unstable | alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
>
> 2.9.21.1.0-1 is in testing.

Sorry, typo, 2.9.21.2-1 (in the tracker) is the correct version.

(I can reproduce the issue with today's lenny, but not with sid.)