|Summary:||<net-dns/pdns-recursor-3.5.1: Deleted Domain Name Resolving Vulnerability (CVE-2012-1193)|
|Product:||Gentoo Security||Reporter:||Sean Amoss (RETIRED) <ackle>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Severity:||minor||CC:||rboesger, swegener, technoworx|
|Package list:||Runtime testing required:||---|
Description Sean Amoss (RETIRED) 2012-02-18 13:02:43 UTC
From the CVE entry at $URL: "The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack." The CVE is still being reviewed and while it only lists that pdns-recursor 3.3 is affected, the original research states only that no prior versions were tested.  https://www.isc.org/files/imce/ghostdomain_camera.pdf
Comment 1 GLSAMaker/CVETool Bot 2012-02-20 04:55:38 UTC
CVE-2012-1193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1193): The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
Comment 2 Jeroen Roovers (RETIRED) 2013-04-16 19:00:05 UTC
*** Bug 466008 has been marked as a duplicate of this bug. ***
Comment 3 Ronny Boesger 2013-04-19 08:52:47 UTC
Created attachment 345986 [details] ebuild for pdns-recursor-3.5 release changed init file to better naming also * changed pdns-recursor version to 3.5 * changed init script name from "precursor" -> "pdns-recursor" Works as overlay on my 3 systems since the release candidate version fine, no issues so far. The ebuild is only changed for the new release and the init file, nothing more. I hope it helps to solve this CVE quickly.
Comment 4 Ronny Boesger 2013-05-03 11:29:59 UTC
Created attachment 347262 [details] updated ebuild for pdns-recursor version 3.5.1 released today may 3rd 2013
Comment 5 Sven Wegener 2013-05-04 20:55:12 UTC
I've commited 3.5.1 to the tree.
Comment 6 Ronny Boesger 2013-06-07 14:54:37 UTC
sven, could you please commit update the ebuild to 3.5.2 ? Changelog is: Changes since 3.5.1: * Responses without the QR bit set now get matched up to an outstanding query, so that resolution can be aborted early instead of waiting for a timeout. Code in commit ee90f02. * The depth limiter changes in 3.5.1 broke some legal domains with lots of indirection. Improved in commit d393c2d. * Slightly improved logging to aid debugging. Code in commit 437824d and commit 182005e. http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.2
Comment 7 Sean Amoss (RETIRED) 2014-05-31 22:36:46 UTC
Wow, this has been in the tree for a long time now. Sven, can we proceed stabilization? 3.5.1 or 3.5.3?
Comment 8 Ronny Boesger 2014-06-02 08:42:48 UTC
3.5.3 should be stabilized, the 3.6 version is in near sight (currently there is a RC1 which does have production quality, i am testing it already). So, if no reasons are against, 3.5.3 should be stable and I will then open a request for 3.6.0 if all goes well for a keyword marked ebuild.
Comment 9 Kristian Fiskerstrand (RETIRED) 2014-06-29 19:17:45 UTC
stabilization is currently happening in bug 514946
Comment 10 Yury German 2014-07-06 18:28:51 UTC
Arches, Thank you for your work Maintainer(s), please drop the vulnerable version. GLSA Vote: Yes
Comment 11 Yury German 2014-08-01 02:52:34 UTC
Maintainer(s), Thank you for cleanup!
Comment 12 Tobias Heinlein (RETIRED) 2014-08-04 18:53:11 UTC
YES too, added to the existing request.
Comment 13 GLSAMaker/CVETool Bot 2014-12-22 22:01:55 UTC
This issue was resolved and addressed in GLSA 201412-33 at http://security.gentoo.org/glsa/glsa-201412-33.xml by GLSA coordinator Sean Amoss (ackle).