
List:       bugtraq
Subject:    PowerDNS 2.9.18 fixes two security issues affecting users of LDAP
From:       bert.hubert () netherlabs ! nl
Date:       2005-07-16 11:54:37
Message-ID: 20050716115437.18348.qmail () securityfocus ! com

PowerDNS 2.9.18 fixes two bugs with security implications, which only apply to installations running on the LDAP backend, or installations providing recursion to a limited range of IP addresses. If any of these apply to you, an upgrade is highly advised.

Version 2.9.18 release notes are on: http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
Version 2.9.18 is available on: http://www.powerdns.com/downloads/
Wiki, source, bugtracker: http://wiki.powerdns.com/
Security page: http://doc.powerdns.com/security-policy.html

Details:
    * The LDAP backend did not properly escape all queries, allowing it to fail and not answer questions. We have not investigated further risks involved, but we advise LDAP users to update as quickly as possible (Norbert Sendetzky, Jan de Groot)

    * Questions from clients denied recursion could blank out answers to clients who are allowed recursion services, temporarily. Reported by Wilco Baan. This would've made it possible for outsiders to blank out a domain temporarily to your users. Luckily PowerDNS would send out SERVFAIL or Refused, and not a denial of a domain's existence.

Thanks for your attention.

Bert Hubert
http://www.netherlabs.nl
http://www.powerdns.com
http://ds9a.nl/
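
Added example, not part of the original message and not PowerDNS code: one way to escape a DNS query name per RFC 4515 before placing it in an LDAP search filter, compared with plain concatenation. The attribute name `associatedDomain`, the function names and the sample names are assumptions made for illustration.

```cpp
#include <cstdio>
#include <string>

// RFC 4515 filter-value escaping: '*', '(', ')', '\' and NUL become \XX.
// Bytes >= 0x80 are escaped too (RFC 4515 allows escaping any octet), since a
// DNS label can carry arbitrary octets that are not valid UTF-8.
std::string ldap_escape_filter_value(const std::string& raw) {
    static const char hex[] = "0123456789abcdef";
    std::string out;
    for (unsigned char c : raw) {
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c >= 0x80) {
            out += '\\';
            out += hex[c >> 4];
            out += hex[c & 0x0f];
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Hypothetical lookup filter; the attribute name is an assumption.
std::string build_filter(const std::string& qname) {
    return "(associatedDomain=" + ldap_escape_filter_value(qname) + ")";
}

// Unescaped concatenation, shown only for comparison.
std::string build_filter_unescaped(const std::string& qname) {
    return "(associatedDomain=" + qname + ")";
}

// True when the string is one parenthesised filter: nesting depth returns
// to zero only at the final character.
bool is_single_filter(const std::string& f) {
    int depth = 0;
    for (std::size_t i = 0; i < f.size(); ++i) {
        if (f[i] == '(') ++depth;
        else if (f[i] == ')' && --depth == 0 && i + 1 != f.size()) return false;
        if (depth < 0) return false;
    }
    return !f.empty() && f[0] == '(' && depth == 0;
}

int main() {
    // Constructed sample query names.
    const std::string names[] = {"www.example.com", "a*b.example.com", "x)(y.example.com"};
    for (const std::string& n : names)
        std::printf("%-17s escaped: %-40s well-formed=%d  unescaped well-formed=%d\n",
                    n.c_str(), build_filter(n).c_str(), is_single_filter(build_filter(n)),
                    is_single_filter(build_filter_unescaped(n)));
}
```

A name containing parentheses leaves the concatenated string malformed as a filter, while `*` leaves it well-formed but turns the equality match into a substring match; the escaped form keeps both as literal bytes.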

