Bug 96976 - (CVE-2005-2302) VUL-0: CVE-2005-2302: pdns LDAP backend bugs
(CVE-2005-2302)
VUL-0: CVE-2005-2302: pdns LDAP backend bugs
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other All
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVE-2005-2302: CVSS v2 Base Score: 2....
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-18 07:46 UTC by Ludwig Nussel
Modified: 2021-11-09 13:29 UTC (History)
2 users (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
pdns-2.9.17-ldap.patch (559 bytes, patch)
2005-07-18 11:31 UTC, Vladimir Nadvornik
Details | Diff
pdns-2.9.17-recursor.patch (1.16 KB, patch)
2005-07-18 11:33 UTC, Vladimir Nadvornik
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2005-07-18 07:46:29 UTC
We received the following report via bugtraq.
The issue is public.

It's all Greek to me. Do we even have the ldap backend enabled?

Date: 16 Jul 2005 11:54:37 -0000
From: bert.hubert@netherlabs.nl
To: bugtraq@securityfocus.com
Subject: PowerDNS 2.9.18 fixes two security issues affecting users of LDAP
 backend or limited recursion
X-Mailer: MIME-tools 5.411 (Entity 5.404)
X-Spam-Level: **

PowerDNS 2.9.18 fixes two bugs with security implications, which only apply to installations running on the LDAP backend, or installations providing recursion to a limited range of IP addresses. If any of these apply to you, an upgrade is highly advised.

Version 2.9.18 release notes are on: http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
Version 2.9.18 is available on:
http://www.powerdns.com/downloads/
Wiki, source, bugtracker: http://wiki.powerdns.com/
Security page: http://doc.powerdns.com/security-policy.html

Details:
    * The LDAP backend did not properly escape all queries, allowing it to fail and not answer questions. We have not investigated further risks involved, but we advise LDAP users to update as quickly as possible (Norbert Sendetzky, Jan de Groot)

    * Questions from clients denied recursion could blank out answers to clients who are allowed recursion services, temporarily. Reported by Wilco Baan. This would've made it possible for outsiders to blank out a domain temporarily to your users. Luckily PowerDNS would send out SERVFAIL or Refused, and not a denial of a domain's existence. 

Thanks for your attention.

Bert Hubert
http://www.netherlabs.nl
http://www.powerdns.com
http://ds9a.nl/
Comment 1 Vladimir Nadvornik 2005-07-18 08:30:40 UTC
Yes, we have ldap backend enabled.
I am going to extract the patches.
Comment 2 Vladimir Nadvornik 2005-07-18 11:31:10 UTC
Created attachment 42387 [details]
pdns-2.9.17-ldap.patch

fix for ldap quoting
Comment 3 Vladimir Nadvornik 2005-07-18 11:33:58 UTC
Created attachment 42388 [details]
pdns-2.9.17-recursor.patch

fix for recursor
Comment 4 Vladimir Nadvornik 2005-07-18 14:43:13 UTC
Fixed package is submitted to 9.3. Can you please submit patchinfo?
Comment 5 Ludwig Nussel 2005-07-18 15:17:57 UTC
SM-Tracker-1810 
Comment 6 Ludwig Nussel 2005-07-19 10:26:06 UTC
====================================================== 
Candidate: CAN-2005-2301 
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2301 
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20050719 
Category: SF 
Reference: BUGTRAQ:20050716 PowerDNS 2.9.18 fixes two security issues 
affecting users of LDAP 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112155941310297&w=2 
Reference: CONFIRM:http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 
 
PowerDNS before 2.9.18, when running with an LDAP backend, does not 
properly escape LDAP queries, which allows remote attackers to cause a 
denial of service (failure to answer ldap questions) and possibly 
conduct an LDAP injection attack. 
 
 
 
====================================================== 
Candidate: CAN-2005-2302 
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2302 
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20050719 
Category: SF 
Reference: BUGTRAQ:20050716 PowerDNS 2.9.18 fixes two security issues 
affecting users of LDAP 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112155941310297&w=2 
Reference: CONFIRM:http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 
 
PowerDNS before 2.9.18, does not properly handle questions from 
clients that are denied recursion, which could cause a "blank out" of 
answers to clients that are allowed to use recursion. 
Comment 7 Marcus Meissner 2005-07-20 07:52:55 UTC
BTW, do we really need powerdns in the distro? we have bind? 
Comment 8 Vladimir Nadvornik 2005-07-20 08:12:21 UTC
The powerdns package was created because our internal IT department needs it.
It could be made internal, but I don't see any reason for it.
Comment 9 Marcus Meissner 2005-07-20 08:15:17 UTC
if we use it ourselves it is fine by me. :) 
Comment 10 Ludwig Nussel 2005-08-02 15:30:15 UTC
updates released  
Comment 11 Thomas Biege 2009-10-13 21:33:52 UTC
CVE-2005-2302: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)