Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 404377 (CVE-2012-1193)

Summary: <net-dns/pdns-recursor-3.5.1: Deleted Domain Name Resolving Vulnerability (CVE-2012-1193)
Product: Gentoo Security Reporter: Sean Amoss (RETIRED) <ackle>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: rboesger, swegener, technoworx
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1193
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
ebuild for pdns-recursor-3.5 release changed init file to better naming also
none
updated ebuild for pdns-recursor version 3.5.1 released today may 3rd 2013 none

Description Sean Amoss (RETIRED) gentoo-dev Security 2012-02-18 13:02:43 UTC
From the CVE entry at $URL:

"The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack."

The CVE is still being reviewed and while it only lists that pdns-recursor 3.3 is affected, the original research[1] states only that no prior versions were tested. 

[1] https://www.isc.org/files/imce/ghostdomain_camera.pdf
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-02-20 04:55:38 UTC
CVE-2012-1193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1193):
  The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached
  server names and TTL values in NS records during the processing of a
  response to an A record query, which allows remote attackers to trigger
  continued resolvability of revoked domain names via a "ghost domain names"
  attack.
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2013-04-16 19:00:05 UTC
*** Bug 466008 has been marked as a duplicate of this bug. ***
Comment 3 Ronny Boesger 2013-04-19 08:52:47 UTC
Created attachment 345986 [details]
ebuild for pdns-recursor-3.5 release changed init file to better naming also

* changed pdns-recursor version to 3.5
* changed init script name from "precursor" -> "pdns-recursor"

Works as overlay on my 3 systems since the release candidate version fine, no issues so far. The ebuild is only changed for the new release and the init file, nothing more.

I hope it helps to solve this CVE quickly.
Comment 4 Ronny Boesger 2013-05-03 11:29:59 UTC
Created attachment 347262 [details]
updated ebuild for pdns-recursor version 3.5.1 released today may 3rd 2013
Comment 5 Sven Wegener gentoo-dev 2013-05-04 20:55:12 UTC
I've commited 3.5.1 to the tree.
Comment 6 Ronny Boesger 2013-06-07 14:54:37 UTC
sven, 

could you please commit update the ebuild to 3.5.2 ?

Changelog is:

Changes since 3.5.1:

  * Responses without the QR bit set now get matched up to an outstanding
    query, so that resolution can be aborted early instead of waiting for a
    timeout. Code in commit ee90f02.

  * The depth limiter changes in 3.5.1 broke some legal domains with lots of
    indirection. Improved in commit d393c2d.

  * Slightly improved logging to aid debugging. Code in commit 437824d and
    commit 182005e.

http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.2
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2014-05-31 22:36:46 UTC
Wow, this has been in the tree for a long time now. Sven, can we proceed stabilization? 3.5.1 or 3.5.3?
Comment 8 Ronny Boesger 2014-06-02 08:42:48 UTC
3.5.3 should be stabilized, the 3.6 version is in near sight (currently there is a RC1 which does have production quality, i am testing it already).

So, if no reasons are against, 3.5.3 should be stable and I will then open a request for 3.6.0 if all goes well for a keyword marked ebuild.
Comment 9 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-29 19:17:45 UTC
stabilization is currently happening in bug 514946
Comment 10 Yury German Gentoo Infrastructure gentoo-dev 2014-07-06 18:28:51 UTC
Arches, Thank you for your work
Maintainer(s), please drop the vulnerable version.

GLSA Vote: Yes
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2014-08-01 02:52:34 UTC
Maintainer(s), Thank you for cleanup!
Comment 12 Tobias Heinlein (RETIRED) gentoo-dev 2014-08-04 18:53:11 UTC
YES too, added to the existing request.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-12-22 22:01:55 UTC
This issue was resolved and addressed in
 GLSA 201412-33 at http://security.gentoo.org/glsa/glsa-201412-33.xml
by GLSA coordinator Sean Amoss (ackle).