Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 80713 - net-dns/pdns: Traffic Handling Denial of Service Vulnerability
Summary: net-dns/pdns: Traffic Handling Denial of Service Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High minor (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/14135/
Whiteboard: B3 [glsa] vorlon
Keywords:
Depends on:
Blocks:
 
Reported: 2005-02-04 06:29 UTC by Jean-François Brunette (RETIRED)
Modified: 2005-02-13 12:56 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jean-François Brunette (RETIRED) gentoo-dev 2005-02-04 06:29:40 UTC 
Description:
A vulnerability has been reported in PowerDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the traffic handling, which can be exploited to cause a temporary DoS by sending a stream of random bytes.

Solution:
Update to version 2.9.17.
http://www.powerdns.com/downloads/index.php
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-02-04 06:36:20 UTC 
Jared: please bump to 2.9.17
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2005-02-04 06:40:25 UTC 
http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-17

[...]
Security issues:

    * PowerDNS could be temporarily DoSed using a random stream of bytes. Reported cause of this has been fixed.
[...]
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2005-02-09 01:19:06 UTC 
Jared, pls bump the ebuild and comment on the bug
Comment 4 Jared H. Hudson (RETIRED) gentoo-dev 2005-02-12 03:36:24 UTC 
pdns bumped to 2.9.17 and marked stable for x86 and amd64.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-02-12 04:50:26 UTC 
Vote on GLSA need. I vote YES, as this is a network-facing server doing real service that can be easily DoSed.
Comment 6 Jared H. Hudson (RETIRED) gentoo-dev 2005-02-12 05:00:13 UTC 
Yes
Comment 7 Matthias Geerdsen (RETIRED) gentoo-dev 2005-02-13 09:12:53 UTC 
voting for a GLSA too

draft is ready for review
Comment 8 Matthias Geerdsen (RETIRED) gentoo-dev 2005-02-13 12:56:15 UTC 
GLSA 200502-15

thanks everyone