[manjaro-security] [arch-security] [ASA-201701-29] powerdns: multiple issues

Levente Polyak anthraxx at archlinux.org
Fri Jan 20 01:14:06 CET 2017


Arch Linux Security Advisory ASA-201701-29
==========================================

Severity: Medium
Date    : 2017-01-19
CVE-ID  : CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073
          CVE-2016-7074
Package : powerdns
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-147

Summary
=======

The package powerdns before version 4.0.2-1 is vulnerable to multiple
issues including denial of service and insufficient validation.

Resolution
==========

Upgrade to 4.0.2-1.

# pacman -Syu "powerdns>=4.0.2-1"

The problems have been fixed upstream in version 4.0.2.

Workaround
==========

None.

Description
===========

- CVE-2016-2120 (denial of service)

An issue has been found in PowerDNS Authoritative Server allowing an
authorized user to crash the server by inserting a specially crafted
record in a zone under their control then sending a DNS query for that
record. The issue is due to an integer overflow when checking if the
content of the record matches the expected size, allowing an attacker
to cause a read past the buffer boundary.

- CVE-2016-7068 (denial of service)

An issue has been found in PowerDNS allowing a remote, unauthenticated
attacker to cause an abnormal CPU usage load on the PowerDNS server by
sending crafted DNS queries, which might result in a partial denial of
service if the system becomes overloaded. This issue is based on the
fact that the PowerDNS server parses all records present in a query
regardless of whether they are needed or even legitimate. A specially
crafted query containing a large number of records can be used to take
advantage of that behaviour.

- CVE-2016-7072 (denial of service)

An issue has been found in PowerDNS Authoritative Server allowing a
remote, unauthenticated attacker to cause a denial of service by
opening a large number of TCP connections to the web server. If the web
server runs out of file descriptors, it triggers an exception and
terminates the whole PowerDNS process. While it's more complicated for
an unauthorized attacker to make the web server run out of file
descriptors since its connection will be closed just after being
accepted, it might still be possible.

- CVE-2016-7073 (insufficient validation)

An issue has been found in PowerDNS Authoritative Server and PowerDNS
Recursor allowing an attacker in a man-in-the-middle position to alter
the content of an AXFR because of insufficient validation of TSIG
signatures. The TSIG time and fudge values were not checked in
AXFRRetriever, leading to a possible replay attack.

- CVE-2016-7074 (insufficient validation)

An issue has been found in PowerDNS Authoritative Server and PowerDNS
Recursor allowing an attacker in a man-in-the-middle position to alter
the content of an AXFR because of insufficient validation of TSIG
signatures. There was no check that the TSIG record is the last one,
making it possible to parse records that are not covered by the TSIG
signature.
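
The two checks named in CVE-2016-7073 and CVE-2016-7074, as an added
example that is not PowerDNS code and not part of the original advisory:
it walks one wire-format DNS message and rejects it unless the TSIG
record is the last record and the time signed lies within the fudge
window. All function names and the sample message are constructed for
illustration; MAC verification is a separate step and is not shown.

```python
import struct
TSIG = 250  # TSIG RR type code (RFC 8945)

def skip_name(buf, off):
    """Return the offset just past the domain name that starts at off."""
    while buf[off] and buf[off] & 0xC0 != 0xC0:
        off += 1 + buf[off]
    return off + (2 if buf[off] else 1)  # pointer is 2 bytes, root label 1

def check_tsig(msg, now):
    """Position and time-window checks only; MAC verification is separate."""
    try:
        qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
        off, total, tsig_at, rdata = 12, an + ns + ar, None, b""
        for _ in range(qd):
            off = skip_name(msg, off) + 4  # QTYPE and QCLASS
        for i in range(total):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            if off + 10 + rdlen > len(msg):
                return False, "malformed"
            if rtype == TSIG and tsig_at is None:
                tsig_at, rdata = i, msg[off + 10:off + 10 + rdlen]
            off += 10 + rdlen
        if tsig_at is None:
            return False, "no TSIG"
        if ar == 0 or tsig_at != total - 1:  # must close the additional section
            return False, "TSIG is not the last record"
        hi, lo, fudge = struct.unpack_from("!HIH", rdata, skip_name(rdata, 0))
    except (IndexError, struct.error):
        return False, "malformed"
    if abs(now - ((hi << 32) | lo)) > fudge:  # 48-bit "time signed"
        return False, "outside time window"
    return True, "ok"

# Constructed sample input: helpers that build an AXFR-style response.
def name(s):
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\0"

def rr(rtype, rdata, cls=1):
    return name("example.org") + struct.pack("!HHIH", rtype, cls, 0, len(rdata)) + rdata

def tsig(signed, fudge):  # the all-zero MAC is a placeholder, never verified here
    body = struct.pack("!HIHH", signed >> 32, signed & 0xFFFFFFFF, fudge, 32)
    return rr(TSIG, name("hmac-sha256") + body + bytes(32 + 6), 255)

def message(answers, additional):
    hdr = struct.pack("!6H", 1, 0x8400, 1, len(answers), 0, len(additional))
    return hdr + name("example.org") + struct.pack("!HH", 252, 1) + b"".join(answers + additional)
```

A message that passes both checks still has to pass MAC verification
before any of its records are used.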

Impact
======

A remote attacker is able to perform a denial of service attack or
bypass certain verification checks, possibly leading to a replay attack.

References
==========

http://seclists.org/oss-sec/2017/q1/97
https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
https://security.archlinux.org/CVE-2016-2120
https://security.archlinux.org/CVE-2016-7068
https://security.archlinux.org/CVE-2016-7072
https://security.archlinux.org/CVE-2016-7073
https://security.archlinux.org/CVE-2016-7074
