Arch Linux Security Advisory ASA-201701-29
=========================================
Severity: Medium
Date    : 2017-01-19
CVE-ID  : CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073
          CVE-2016-7074
Package : powerdns
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-147

Summary
======
The package powerdns before version 4.0.2-1 is vulnerable to multiple
issues including denial of service and insufficient validation.

Resolution
=========
Upgrade to 4.0.2-1.

# pacman -Syu "powerdns>=4.0.2-1"

The problems have been fixed upstream in version 4.0.2.

Workaround
=========
None.

Description
==========
- CVE-2016-2120 (denial of service)

An issue has been found in PowerDNS Authoritative Server allowing an
authorized user to crash the server by inserting a specially crafted
record in a zone under their control and then sending a DNS query for
that record. The issue is due to an integer overflow when checking if
the content of the record matches the expected size, allowing an
attacker to cause a read past the buffer boundary.

- CVE-2016-7068 (denial of service)

An issue has been found in PowerDNS allowing a remote, unauthenticated
attacker to cause an abnormal CPU usage load on the PowerDNS server by
sending crafted DNS queries, which might result in a partial denial of
service if the system becomes overloaded. This issue is based on the
fact that the PowerDNS server parses all records present in a query
regardless of whether they are needed or even legitimate. A specially
crafted query containing a large number of records can be used to take
advantage of that behaviour.

- CVE-2016-7072 (denial of service)

An issue has been found in PowerDNS Authoritative Server allowing a
remote, unauthenticated attacker to cause a denial of service by
opening a large number of TCP connections to the web server. If the web
server runs out of file descriptors, it triggers an exception and
terminates the whole PowerDNS process. While it's more complicated for
an unauthorized attacker to make the web server run out of file
descriptors since its connection will be closed just after being
accepted, it might still be possible.

- CVE-2016-7073 (insufficient validation)

An issue has been found in PowerDNS Authoritative Server and PowerDNS
Recursor allowing an attacker in a man-in-the-middle position to alter
the content of an AXFR because of insufficient validation of TSIG
signatures. The TSIG time and fudge values are not checked in
AXFRRetriever, leading to a possible replay attack.

- CVE-2016-7074 (insufficient validation)

An issue has been found in PowerDNS Authoritative Server and PowerDNS
Recursor allowing an attacker in a man-in-the-middle position to alter
the content of an AXFR because of insufficient validation of TSIG
signatures. There is no check that the TSIG record is the last one,
leading to the possibility of parsing records that are not covered by
the TSIG signature.
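
The two checks whose absence is described under CVE-2016-7073 and
CVE-2016-7074, written out as an added example (this is not PowerDNS
code). The Record struct, checkTsig() and the sample message are
hypothetical, and MAC verification is assumed to be done separately.

```cpp
// Added illustration, not PowerDNS code: simplified record model.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

constexpr uint16_t TYPE_A = 1, TYPE_SOA = 6, TYPE_TSIG = 250;

struct Record {             // hypothetical view of one parsed RR
    uint16_t type;
    uint64_t timeSigned;    // TSIG only: seconds since epoch (48-bit on the wire)
    uint16_t fudge;         // TSIG only: permitted clock skew in seconds
};

enum class TsigCheck { Ok, Unsigned, NotLast, BadTime };

// Structural and freshness checks for one received message.
// MAC verification is assumed to happen separately, once these pass.
TsigCheck checkTsig(const std::vector<Record>& rrs, uint64_t now) {
    std::size_t count = 0, pos = 0;
    for (std::size_t i = 0; i < rrs.size(); ++i)
        if (rrs[i].type == TYPE_TSIG) { ++count; pos = i; }
    if (count == 0) return TsigCheck::Unsigned;    // caller decides if allowed
    // Exactly one TSIG and nothing after it: any later record would be
    // parsed without being covered by the signature.
    if (count > 1 || pos + 1 != rrs.size()) return TsigCheck::NotLast;
    const Record& t = rrs[pos];
    // Absolute difference computed without unsigned underflow.
    uint64_t skew = now > t.timeSigned ? now - t.timeSigned : t.timeSigned - now;
    if (skew > t.fudge) return TsigCheck::BadTime; // stale, possibly replayed
    return TsigCheck::Ok;
}

// Constructed sample: SOA, A, then a TSIG signed at 1484784000, fudge 300 s.
std::vector<Record> sampleMessage() {
    return {{TYPE_SOA, 0, 0}, {TYPE_A, 0, 0}, {TYPE_TSIG, 1484784000ULL, 300}};
}

int main() {
    auto fresh = sampleMessage();
    auto trailing = sampleMessage();
    trailing.push_back({TYPE_A, 0, 0});            // record after the TSIG
    std::cout << (checkTsig(fresh, 1484784120ULL) == TsigCheck::Ok) << '\n'
              << (checkTsig(fresh, 1484787600ULL) == TsigCheck::BadTime) << '\n'
              << (checkTsig(trailing, 1484784120ULL) == TsigCheck::NotLast) << '\n';
}
```

A message captured and replayed an hour later fails the time check
even though its MAC is still valid, which is why both checks have to
run alongside signature verification.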

Impact
=====
A remote attacker is able to perform a denial of service attack or
bypass certain verification checks, possibly leading to a replay attack.

References
=========
https://seclists.org/oss-sec/2017/q1/97
https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
https://security.archlinux.org/CVE-2016-2120
https://security.archlinux.org/CVE-2016-7068
https://security.archlinux.org/CVE-2016-7072
https://security.archlinux.org/CVE-2016-7073
https://security.archlinux.org/CVE-2016-7074

ArchLinux: 201701-29: powerdns: multiple issues

January 20, 2017
