List: bugtraq
Subject: PowerDNS 2.9.18 fixes two security issues affecting users of LDAP
From: bert.hubert () netherlabs ! nl
Date: 2005-07-16 11:54:37
Message-ID: 20050716115437.18348.qmail () securityfocus ! com
PowerDNS 2.9.18 fixes two bugs with security implications, which only apply to
installations running on the LDAP backend, or installations providing recursion to a
limited range of IP addresses. If any of these apply to you, an upgrade is highly
advised.
Version 2.9.18 release notes are on: http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
Version 2.9.18 is available on: http://www.powerdns.com/downloads/
Wiki, source, bugtracker: http://wiki.powerdns.com/
Security page: http://doc.powerdns.com/security-policy.html
Details:
* The LDAP backend did not properly escape all queries, allowing it to fail and
  not answer questions. We have not investigated further risks involved, but we advise
  LDAP users to update as quickly as possible (Norbert Sendetzky, Jan de Groot)
* Questions from clients denied recursion could blank out answers to clients who
  are allowed recursion services, temporarily. Reported by Wilco Baan. This would've
  made it possible for outsiders to blank out a domain temporarily to your users.
  Luckily PowerDNS would send out SERVFAIL or Refused, and not a denial of a domain's
  existence.
Thanks for your attention.
Bert Hubert
http://www.netherlabs.nl
http://www.powerdns.com
http://ds9a.nl/
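
An added example, not part of the original message and not PowerDNS code: escaping a query name per RFC 4515 before it is placed in an LDAP search filter, the kind of escaping the first item refers to. The function names and the `associatedDomain` attribute used here are assumptions for the illustration, and the sample names are constructed.

```cpp
#include <cstdio>
#include <string>

// Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
// '*', '(', ')', '\' and NUL have meaning in filter syntax and must be sent
// as a backslash followed by two hex digits. Control bytes and bytes outside
// printable ASCII are encoded the same way, so any qname byte is safe.
std::string ldap_filter_escape(const std::string& value)
{
    static const char hex[] = "0123456789abcdef";
    std::string out;
    out.reserve(value.size());
    for (unsigned char c : value) {
        bool special = (c == '*' || c == '(' || c == ')' || c == '\\');
        if (special || c < 0x20 || c > 0x7e) {
            out += '\\';
            out += hex[c >> 4];
            out += hex[c & 0x0f];
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Hypothetical helper: build the lookup filter for a DNS name.
// "associatedDomain" is an assumed attribute name for this example.
std::string build_lookup_filter(const std::string& qname)
{
    return "(associatedDomain=" + ldap_filter_escape(qname) + ")";
}

int main()
{
    // Constructed sample query names, some containing filter metacharacters.
    const std::string samples[] = {
        "www.example.com",
        "a*b.example.com",
        "x)(y.example.com",
        std::string("nul\0byte.example.com", 20),
    };
    for (const auto& s : samples)
        std::printf("%s\n", build_lookup_filter(s).c_str());
    return 0;
}
```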