Bug 514946 - <net-dns/pdns-recursor-3.5.3-r1: DoS due to maximum number of file descriptors exhausted
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Reported: 2014-06-24 16:59 UTC by Agostino Sarubbo
Modified: 2014-12-22 22:02 UTC
Description Agostino Sarubbo gentoo-dev 2014-06-24 16:59:51 UTC
From ${URL} :

It was found [1] that in the default configuration PowerDNS is allowed to consume 
more file descriptors than are available on a default Linux installation.
This can potentially lead to a DoS attack.
Patch is available at [2]

External references:


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Sven Wegener gentoo-dev 2014-06-29 18:20:14 UTC
I've ported and committed the bugfix to pdns-recursor-3.3-r1. The next version to go stable is 3.6.0, which also includes the fix, but it's too recent.
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-29 18:24:21 UTC
Thank you Sven, 

Arches, please stabilize: 

Targets: amd64 x86
Comment 3 Sven Wegener gentoo-dev 2014-06-29 18:42:23 UTC
Uhm, might as well target 3.5.3 and resolve bug #404377 in one go.
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-29 18:45:29 UTC
(In reply to Sven Wegener from comment #3)
> Uhm, might as well target 3.5.3 and resolve bug #404377 in one go.

Sounds good to me. Can you confirm that the current ebuild contains the necessary fixes for this bug as well?
Comment 5 Sven Wegener gentoo-dev 2014-06-29 18:51:57 UTC
I've just patched 3.5.3 too.
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-29 18:59:28 UTC
(In reply to Sven Wegener from comment #5)
> I've just patched 3.5.3 too.

In the main ebuild or a bumped revision? Would you please advise a specific atom for stabilization?
Comment 7 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-29 19:17:18 UTC
Arches, please disregard Comment 2. 

Ready for stabilization

Targets: amd64 x86
Comment 8 Agostino Sarubbo gentoo-dev 2014-07-04 19:32:35 UTC
amd64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-07-05 10:51:46 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 10 Yury German Gentoo Infrastructure gentoo-dev 2014-07-06 18:20:25 UTC
Arches, thank you for your work.
Maintainer(s), please drop the vulnerable version.

GLSA Vote: Yes
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2014-08-01 03:43:46 UTC
Maintainer(s), thank you for the cleanup!
Comment 12 Tobias Heinlein (RETIRED) gentoo-dev 2014-08-04 18:53:43 UTC
YES too, added to the existing request.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2014-12-22 22:02:03 UTC
This issue was resolved and addressed in
 GLSA 201412-33 at
by GLSA coordinator Sean Amoss (ackle).