Gentoo Bug 80713 - net-dns/pdns: Traffic Handling Denial of Service Vulnerability

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	80713
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Jean-François Brunette (RETIRED) <formula7@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 80713 depends on:			Show dependency tree
Bug 80713 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-02-04 06:29 0000

Description:
A vulnerability has been reported in PowerDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the traffic handling, which can be exploited to cause a temporary DoS by sending a stream of random bytes.

Solution:
Update to version 2.9.17.
http://www.powerdns.com/downloads/index.php

------- Comment #1 From Thierry Carrez (RETIRED) 2005-02-04 06:36:20 0000 -------

Jared: please bump to 2.9.17

------- Comment #2 From Matthias Geerdsen 2005-02-04 06:40:25 0000 -------

http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17

[...]
Security issues:

    * PowerDNS could be temporarily DoSed using a random stream of bytes. Reported cause of this has been fixed.
[...]

------- Comment #3 From Matthias Geerdsen 2005-02-09 01:19:06 0000 -------

Jared, pls bump the ebuild and comment on the bug

------- Comment #4 From Jared H. Hudson (RETIRED) 2005-02-12 03:36:24 0000 -------

pdns bumped to 2.9.17 and marked stable for x86 and amd64.

------- Comment #5 From Thierry Carrez (RETIRED) 2005-02-12 04:50:26 0000 -------

Vote on GLSA need. I vote YES, as this is a network-facing server doing real
service that can be easily DoSed.

------- Comment #6 From Jared H. Hudson (RETIRED) 2005-02-12 05:00:13 0000 -------

Yes

------- Comment #7 From Matthias Geerdsen 2005-02-13 09:12:53 0000 -------

voting for a GLSA too

draft is ready for review

------- Comment #8 From Matthias Geerdsen 2005-02-13 12:56:15 0000 -------

GLSA 200502-15

thanks everyone

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 80713

net-dns/pdns: Traffic Handling Denial of Service Vulnerability

Last modified: 2005-02-13 12:56:15 0000