Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 9 May 2018 10:15:31 +0200
From: Remi Gacogne <remi.gacogne@...erdns.com>
To: oss-security@...ts.openwall.com
Subject: PowerDNS Security Advisory 2018-02

Hello everybody,

We released PowerDNS Authoritative 4.1.2 yesterday, fixing a security
issue (CVE-2018-1046) affecting the dnsreplay tool included with it.
Versions of dnsreplay from 4.0.0 up to and including 4.1.1 are
vulnerable. The full security advisory can be found below and at
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html

The issue is a stack-based buffer overflow occurring when replaying a
specially crafted PCAP file with the `--ecs-stamp` option enabled,
leading to a denial of service or potentially arbitrary code execution.
Regardless of this issue, we do not advise the use of dnsreplay with
untrusted PCAP files.

The commit fixing the issue can be found here:
https://github.com/PowerDNS/pdns/commit/f9c57c98da1b1007a51680629b667d57d9b702b8

We would like to thank Wei Hao for finding and subsequently reporting
this issue.

Please feel free to contact me directly if you have any question.

Best regards,

Remi and the PowerDNS team


PowerDNS Security Advisory 2018-02: Buffer overflow in dnsreplay
================================================================

-  CVE: CVE-2018-1046
-  Date: May 8th 2018
-  Credit: Wei Hao
-  Affects: dnsreplay from 4.0.0 up to and including 4.1.1
-  Not affected: dnsreplay 3.4.11, 4.1.2
-  Severity: High
-  Impact: Arbitrary code execution
-  Exploit: This problem can be triggered via a crafted PCAP file
-  Risk of system compromise: Yes
-  Solution: Upgrade to a non-affected version

An issue has been found in the dnsreplay tool provided with PowerDNS
Authoritative, where replaying a specially crafted PCAP file can trigger
a stack-based buffer overflow, leading to a crash and potentially
arbitrary code execution. This buffer overflow only occurs when the
`--ecs-stamp` option of dnsreplay is used. Regardless of this issue, the
use of dnsreplay with untrusted PCAP files is not advised.
This issue has been assigned CVE-2018-1046 by Red Hat.

PowerDNS Authoritative from 4.0.0 up to and including 4.1.1 is affected.

We would like to thank Wei Hao for finding and subsequently reporting
this issue.



Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ