Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 628534 (CVE-2016-7069)

Summary: <net-dns/dnsdist-1.2.0: Crafted backend responses can cause a denial of service (CVE-2016-7069)
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: alwag, bgo, proxy-maint
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: x86   
OS: Linux   
URL: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=628578
Whiteboard: ~3 [noglsa cve]
Package list:
=net-dns/dnsdist-1.2.0
 Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 628578    

Description D'juan McDonald (domhnall) 2017-08-21 17:42:18 UTC 
From $URL:

An issue has been found in dnsdist in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash.
dnsdist up to and including 1.1.0 is affected on 32-bit systems. dnsdist 1.2.0 is not affected, dnsdist on 64-bit systems is not affected.
For those unable to upgrade to a new version, a minimal patch is available for 1.1.0
We would like to thank Guido Vranken for finding and subsequently reporting this issue.


Upstream Patch for 1.1.0:
https://downloads.powerdns.com/patches/2017-01
Comment 1 D'juan McDonald (domhnall) 2017-08-21 17:47:03 UTC 
@maintainer(s):

after bump please call for stabilization if needed. Thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout
Comment 2 Aleksandr Wagner (Kivak) 2017-08-22 08:38:53 UTC 
*** Bug 628582 has been marked as a duplicate of this bug. ***
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-22 09:23:38 UTC 
Adjusting CVE.
Comment 4 D'juan McDonald (domhnall) 2017-08-22 09:39:07 UTC 
All security advisories for the DNSDist are listed here.

PowerDNS Security Advisory 2017-02 for dnsdist: Alteration of ACLs via API authentication bypass

https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html

PowerDNS Security Advisory 2017-01 for dnsdist: Crafted backend responses can cause a denial of serviceh

ttps://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html
Comment 5 D'juan McDonald (domhnall) 2017-08-22 10:13:18 UTC 
(In reply to Thomas Deutschmann from comment #3)
@Whissi, Thank you...left this out also:

CVE Details: http://seclists.org/oss-sec/2017/q3/335
Comment 6 Larry the Git Cow gentoo-dev 2017-10-28 09:53:17 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c50a5d191b47143338b15a86ce6e36fd1b7abca

commit 1c50a5d191b47143338b15a86ce6e36fd1b7abca
Author:     bgo <bgo@9dt.de>
AuthorDate: 2017-09-02 16:44:59 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2017-10-28 09:52:07 +0000

    net-dns/dnsdist: version bump to 1.2.0.
    
    Bug: https://bugs.gentoo.org/628534
    Bug: https://bugs.gentoo.org/628578
    Package-Manager: Portage-2.3.8, Repoman-2.3.3

 net-dns/dnsdist/Manifest             |  2 +-
 net-dns/dnsdist/dnsdist-1.2.0.ebuild | 86 ++++++++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e40b9b455b925425198ed2d250fc997b3bc56b94

commit e40b9b455b925425198ed2d250fc997b3bc56b94
Author:     bgo <bgo@9dt.de>
AuthorDate: 2017-09-02 16:43:53 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2017-10-28 09:51:50 +0000

    net-dns/dnsdist: remove vulnerable version.
    
    CVE-2016-7069
    CVE-2017-7557
    
    Bug: https://bugs.gentoo.org/628534
    Bug: https://bugs.gentoo.org/628578
    
    Closes: https://github.com/gentoo/gentoo/pull/5596

 net-dns/dnsdist/dnsdist-1.1.0-r1.ebuild | 84 ---------------------------------
 1 file changed, 84 deletions(-)}
Comment 7 Patrice Clement (RETIRED) gentoo-dev 2017-10-28 09:56:16 UTC 
Arch teams,

Please stabilise:
=net-dns/dnsdist-1.2.0

Security team,

Please proceed.
Comment 8 Manuel RĂ¼ger (RETIRED) gentoo-dev 2017-10-28 16:29:17 UTC 
The previous version never was stabilized. Dropping arches, please do new stable reqs seperately from security bugs. Thanks!