PowerDNS Malformed Query Handling Weakness
BID:30587
| Bugtraq ID: | 30587 |
| Class: | Design Error |
| CVE: | CVE-2008-3337 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 06 2008 12:00AM |
| Updated: | Dec 19 2008 11:01PM |
| Credit: | Brian J. Dowling |
| Vulnerable: | S.u.S.E. openSUSE 11.0; S.u.S.E. openSUSE 10.3; S.u.S.E. openSUSE 10.2; Red Hat Fedora 9; Red Hat Fedora 8; PowerDNS PowerDNS 2.9.21; Gentoo Linux; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Debian Linux 4.0 |
| Not Vulnerable: | PowerDNS PowerDNS 2.9.21.1 |
Discussion
PowerDNS is prone to a weakness caused by dropping malformed DNS queries.
An attacker may leverage this issue to carry out spoofing attacks to manipulate third-party DNS cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
Versions prior to PowerDNS 2.9.21.1 are vulnerable.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Debian Linux 4.0 amd64
- Debian pdns-backend-geo_2.9.20-8+etch1_amd64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_amd64.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_amd64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_amd64.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_amd64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_amd64.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_amd64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_amd64.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_amd64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_amd64.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_amd64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_amd64.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_amd64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_amd64.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 ia-32
- Debian pdns-backend-geo_2.9.20-8+etch1_i386.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_i386.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_i386.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_i386.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_i386.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_i386.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_i386.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_i386.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_i386.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_i386.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_i386.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_i386.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_i386.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_i386.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 arm
- Debian pdns-backend-geo_2.9.20-8+etch1_arm.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_arm.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_arm.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_arm.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_arm.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_arm.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_arm.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_arm.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_arm.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_arm.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_arm.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_arm.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_arm.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_arm.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 hppa
- Debian pdns-backend-geo_2.9.20-8+etch1_hppa.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_hppa.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_hppa.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_hppa.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_hppa.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_hppa.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_hppa.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_hppa.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_hppa.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_hppa.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_hppa.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_hppa.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_hppa.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_hppa.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 sparc
- Debian pdns-backend-geo_2.9.20-8+etch1_sparc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_sparc.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_sparc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_sparc.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_sparc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_sparc.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_sparc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_sparc.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_sparc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_sparc.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_sparc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_sparc.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_sparc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_sparc.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 s/390
- Debian pdns-backend-geo_2.9.20-8+etch1_s390.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_s390.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_s390.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_s390.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_s390.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_s390.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_s390.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_s390.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_s390.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_s390.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_s390.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_s390.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_s390.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_s390.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 powerpc
- Debian pdns-backend-geo_2.9.20-8+etch1_powerpc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_powerpc.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_powerpc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_powerpc.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_powerpc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_powerpc.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_powerpc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_powerpc.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_powerpc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_powerpc.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_powerpc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_powerpc.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_powerpc.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_powerpc.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 alpha
- Debian pdns-backend-geo_2.9.20-8+etch1_alpha.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_alpha.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_alpha.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_alpha.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_alpha.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_alpha.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_alpha.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_alpha.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_alpha.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_alpha.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_alpha.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_alpha.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_alpha.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_alpha.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 m68k
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 mipsel
- Debian pdns-backend-geo_2.9.20-8+etch1_mipsel.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_mipsel.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_mipsel.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_mipsel.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_mipsel.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_mipsel.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_mipsel.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_mipsel.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_mipsel.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_mipsel.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_mipsel.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_mipsel.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_mipsel.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_mipsel.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 ia-64
- Debian pdns-backend-geo_2.9.20-8+etch1_ia64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_ia64.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_ia64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_ia64.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_ia64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_ia64.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_ia64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_ia64.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_ia64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_ia64.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_ia64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_ia64.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_ia64.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_ia64.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Debian Linux 4.0 mips
- Debian pdns-backend-geo_2.9.20-8+etch1_mips.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_mips.deb
- Debian pdns-backend-ldap_2.9.20-8+etch1_mips.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_mips.deb
- Debian pdns-backend-mysql_2.9.20-8+etch1_mips.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_mips.deb
- Debian pdns-backend-pgsql_2.9.20-8+etch1_mips.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_mips.deb
- Debian pdns-backend-pipe_2.9.20-8+etch1_mips.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_mips.deb
- Debian pdns-backend-sqlite_2.9.20-8+etch1_mips.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_mips.deb
- Debian pdns-doc_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
- Debian pdns-server_2.9.20-8+etch1_mips.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_mips.deb
- Debian pdns_2.9.20-8+etch1_all.deb
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
References
References:
- PowerDNS Homepage (PowerDNS)
- PowerDNS Release Notes (PowerDNS)
- PowerDNS Security Advisory 2008-02: By not responding to certain queries, domain (PowerDNS)