Bugzilla – Bug 96976
VUL-0: CVE-2005-2302: pdns LDAP backend bugs
Last modified: 2021-11-09 13:29:17 UTC
We received the following report via bugtraq. The issue is public. It's all Greek to me. Do we even have the ldap backend enabled? Date: 16 Jul 2005 11:54:37 -0000 From: bert.hubert@netherlabs.nl To: bugtraq@securityfocus.com Subject: PowerDNS 2.9.18 fixes two security issues affecting users of LDAP backend or limited recursion X-Mailer: MIME-tools 5.411 (Entity 5.404) X-Spam-Level: ** PowerDNS 2.9.18 fixes two bugs with security implications, which only apply to installations running on the LDAP backend, or installations providing recursion to a limited range of IP addresses. If any of these apply to you, an upgrade is highly advised. Version 2.9.18 release notes are on: http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 Version 2.9.18 is available on: http://www.powerdns.com/downloads/ Wiki, source, bugtracker: http://wiki.powerdns.com/ Security page: http://doc.powerdns.com/security-policy.html Details: * The LDAP backend did not properly escape all queries, allowing it to fail and not answer questions. We have not investigated further risks involved, but we advise LDAP users to update as quickly as possible (Norbert Sendetzky, Jan de Groot) * Questions from clients denied recursion could blank out answers to clients who are allowed recursion services, temporarily. Reported by Wilco Baan. This would've made it possible for outsiders to blank out a domain temporarily to your users. Luckily PowerDNS would send out SERVFAIL or Refused, and not a denial of a domain's existence. Thanks for your attention. Bert Hubert http://www.netherlabs.nl http://www.powerdns.com http://ds9a.nl/
Yes, we have ldap backend enabled. I am going to extract the patches.
Created attachment 42387 [details] pdns-2.9.17-ldap.patch fix for ldap quoting
Created attachment 42388 [details] pdns-2.9.17-recursor.patch fix for recursor
Fixed package is submitted to 9.3. Can you please submit patchinfo?
SM-Tracker-1810
====================================================== Candidate: CAN-2005-2301 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2301 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20050719 Category: SF Reference: BUGTRAQ:20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112155941310297&w=2 Reference: CONFIRM:http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack. ====================================================== Candidate: CAN-2005-2302 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2302 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20050719 Category: SF Reference: BUGTRAQ:20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112155941310297&w=2 Reference: CONFIRM:http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18 PowerDNS before 2.9.18, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to clients that are allowed to use recursion.
BTW, do we really need powerdns in the distro? we have bind?
The powerdns package was created because our internal IT department needs it. It could be made internal, but I don't see any reason for it.
if we use it ourselves it is fine by me. :)
updates released
CVE-2005-2302: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)