Bug 639780 (CVE-2017-15120)

Comment 1 Thomas Deutschmann (RETIRED) 2017-12-11 12:36:49 UTC

PowerDNS Security Advisory 2017-08: Crafted CNAME answer can cause a denial of service

CVE: CVE-2017-15120

Date: December 11th 2017

Credit: Toshifumi Sakaguchi

Affects: PowerDNS Recursor from 4.0.0 up to and including 4.0.7

Not affected: PowerDNS Recursor 3.7.4, 4.0.8, 4.1.0

Severity: High

Impact: Denial of service

Exploit: This problem can be triggered by an authoritative server sending a crafted CNAME answer with a class other than IN to the Recursor.

Risk of system compromise: No

Solution: Upgrade to a non-affected version

Workaround: run the process inside a supervisor like supervisord or systemd

An issue has been found in the parsing of authoritative answers in PowerDNS Recursor, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. This issue has been assigned CVE-2017-15120.

When the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, it will be automatically restarted, limiting the impact to somewhat degraded service.

PowerDNS Recursor from 4.0.0 up to and including 4.0.7 are affected.

Comment 2 Sven Wegener 2017-12-11 12:49:23 UTC

I've committed pdns-recursor-4.0.8. In addition to the security fix it only contains small changes over 4.0.7 and should be ready for stabilization.

Comment 3 Thomas Deutschmann (RETIRED) 2017-12-11 13:00:10 UTC

@ Arches,

please test and mark stable: =net-dns/pdns-recursor-4.0.8

Comment 4 Thomas Deutschmann (RETIRED) 2017-12-12 16:37:59 UTC

x86 stable

Comment 5 Agostino Sarubbo 2017-12-14 20:27:37 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 6 Aaron Bauman (RETIRED) 2018-01-15 15:48:58 UTC

GLSA Vote: No

Tree is clean.