copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
Search this site

On this site

 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login


ESB-2005.0603 -- Debian Security Advisory DSA 771-1 -- New pdns (PowerDNS) packages fix denial of service

Date: 02 August 2005

Click here for printable version
Click here for PGP verifiable version
Hash: SHA1

             AUSCERT External Security Bulletin Redistribution

            ESB-2005.0603 -- Debian Security Advisory DSA 771-1
            New pdns (PowerDNS) packages fix denial of service
                               2 August 2005


        AusCERT Security Bulletin Summary

Product:           pdns (PowerDNS)
Publisher:         Debian
Operating System:  Debian GNU/Linux 3.1
                   UNIX variants
Impact:            Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-2302 CAN-2005-2301

Original Bulletin:

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running PowerDNS check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 771-1                                        Martin Schulze
August 1st, 2005              
- - --------------------------------------------------------------------------

Package        : pdns
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2301 CAN-2005-2302
Debian Bug     : 318798

Several problems have been discovered in pdns, a versatile nameserver
that can lead to a denial of service.  The Common Vulnerabilities and
Exposures project identifies the following problems:


    Norbert Sendetzky and Jan de Groot discoverd that the LDAP backend
    did not properly escape all queries, allowing it to fail and not
    answer queries anymore.


    Wilco Baan discovered that queries from clients without recursion
    permission can temporarily blank out domains to clients with
    recursion permitted.  This enables outside users to blank out a
    domain temporarily to normal users.

The old stable distribution (woody) does not contain pdns packages.

For the stable distribution (sarge) these problems have been fixed in
version 2.9.17-13sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 2.9.18-1.

We recommend that you upgrade your pdns package.

Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

  Source archives:
      Size/MD5 checksum:     1018 0853a39aeb6b4d6c9ba001f364d842bc
      Size/MD5 checksum:    29798 4c0437b86c5e3ccbffa6838012dbaf74
      Size/MD5 checksum:   782592 92489391182dc40012f1de7b2005ea93

  Architecture independent components:
      Size/MD5 checksum:   134202 bedb1d7a9eece3f76de635c23b4535d7

  Alpha architecture:
      Size/MD5 checksum:    16016 621dbb1ae4cdf8dda2396f4013608042
      Size/MD5 checksum:   128188 f2d21705577ea2a5fd1aeead8126e991
      Size/MD5 checksum:   235340 40264b77c8d36138bda47468867d7aee
      Size/MD5 checksum:   110132 46d2d68a646b4a2235de180a32f54e8e
      Size/MD5 checksum:    70406 1156c4fe6d5df7b67f918b2c6aa8c328
      Size/MD5 checksum:    81188 0c222e749e764b497dcc84f57e286475
      Size/MD5 checksum:    63782 e598603835286d3347bfa27ac51c7031
      Size/MD5 checksum:   199978 5eecc516f56b5cdcaa73e79c02daedc6
      Size/MD5 checksum:   687108 ae808192faab151eb045c8e25f8c8683

  ARM architecture:
      Size/MD5 checksum:    16026 939a3fb962ca170f622af16a82cf3549
      Size/MD5 checksum:   153700 3d678c9dd2d26015a8891fe1246cb85e
      Size/MD5 checksum:   318412 b249e42dac179db588c65cf20f2583a2
      Size/MD5 checksum:   148498 5e6d21db1505f5477ee5acf1bc0486bf
      Size/MD5 checksum:    95668 0cfd34b907b705428c60cd9871492e2d
      Size/MD5 checksum:   104304 dccbfd9c8c82e8b2a68aa1a916473dff
      Size/MD5 checksum:    85552 1f6f5a3cf8724b17b75169d93b05980c
      Size/MD5 checksum:   271888 f177cc208f286a322b2db376d6c3e192
      Size/MD5 checksum:   982256 9012824597e4bf2d90e838da4fda69bc

  Intel IA-32 architecture:
      Size/MD5 checksum:    16608 357a0624bcb110d7ce02f9a0b7bee292
      Size/MD5 checksum:   105884 7ed515d665879bfde98865dc9e0b5e8c
      Size/MD5 checksum:   190228 bb6937448e929f7a4cf2f7a7d186b0f3
      Size/MD5 checksum:    85610 ef863523590f6cbdbcb261031afedbb4
      Size/MD5 checksum:    56046 a4e44140e9864c592f90570e75020c23
      Size/MD5 checksum:    64598 d6360752c244fa6e454a1f46680888bc
      Size/MD5 checksum:    51370 13a2d22faf21717300407bdedb204309
      Size/MD5 checksum:   165408 4ced59cd5fb6f8b7cbe7347ec86f7839
      Size/MD5 checksum:   572496 c58056c3059d5f71687dfd5b9bfa6585

  Intel IA-64 architecture:
      Size/MD5 checksum:    16012 6f54caec9aa5da3883283c3aac18d5dc
      Size/MD5 checksum:   135824 4c8ddd124dbb8011c978375796b08630
      Size/MD5 checksum:   262958 8b9bfd9108a6a7ca212a77dc16b7d7c1
      Size/MD5 checksum:   112768 fed34d607080d8b97068eff67c35f42a
      Size/MD5 checksum:    68840 9a4b231eb4307dcf52a76123280d3230
      Size/MD5 checksum:    83782 2e4782611a25ed6d329ecb6f5cfbecaa
      Size/MD5 checksum:    63762 26745c938da7163790335e6fe07d7e1e
      Size/MD5 checksum:   229174 b1dfbb1c8691da8c0b53952343ed147e
      Size/MD5 checksum:   814878 82d3e7c0feca9e74ebcc57820d35b4d4

  HP Precision architecture:
      Size/MD5 checksum:    16016 7d53ffe4047bf55a3c3a979699b04d2e
      Size/MD5 checksum:   131040 dbf129fd9439d0cbddf1bbce2a194ca6
      Size/MD5 checksum:   247142 e79e4636aee39e85a2246a2d9f987df5
      Size/MD5 checksum:   114520 56e3cbcd8b2eca5bf30c1963570fbcf6
      Size/MD5 checksum:    72792 cd3e30c2a7ce276db0d52ba394f57ed7
      Size/MD5 checksum:    83954 6f59cc44bc5561769480f56919244b30
      Size/MD5 checksum:    66750 8fed2e2aa498d1be0e45878b5456a9fa
      Size/MD5 checksum:   219890 c5ea8b0c7ce3480478711ef1852cc566
      Size/MD5 checksum:   727006 d166c1b0b5e9b0989c5bb8419c377a53

  Motorola 680x0 architecture:
      Size/MD5 checksum:    16026 b08feaf530b3e51fb031b9a171075e4e
      Size/MD5 checksum:   108388 8e6d08a9371a64926d7c4beef5205945
      Size/MD5 checksum:   197570 69d053f36af9cd8f73dbc5470fa11d6f
      Size/MD5 checksum:    89250 02d1761d0141aded8587ddf3836879e2
      Size/MD5 checksum:    59904 fc5d48ee6757b37eb55d8a03e03b6c90
      Size/MD5 checksum:    67632 2aa2247dbccc281d60203d00089a4e4e
      Size/MD5 checksum:    55090 6135caa3beba19a3b6cc42cde66e1889
      Size/MD5 checksum:   167762 a01a400e8d778e7c3614d628ab912e3f
      Size/MD5 checksum:   589634 03814d127f5a1d25ce328cb5cd5f1f60

  Big endian MIPS architecture:
      Size/MD5 checksum:    16016 cd36ca9a0fa9f5a9aaa75897f3c7418c
      Size/MD5 checksum:   109798 57cb7be975fa3ea2c27ff815d7f0ba3e
      Size/MD5 checksum:   200772 89af7d035f7f9d871e95dd5e4b25bd56
      Size/MD5 checksum:    90842 f3ce3096928b9b6bdcec20d43ea32515
      Size/MD5 checksum:    59148 98bed909b4b5749ab1930a31f713aeb2
      Size/MD5 checksum:    67990 ea7e179119e0fea1d700e9f079693ca5
      Size/MD5 checksum:    54776 8d380a8440387394165eccee67c762c4
      Size/MD5 checksum:   182952 a252292345ae2f8a547d216d37cbe035
      Size/MD5 checksum:   591376 53c9316ba8c4f82f3a93a5b9d5a5f012

  Little endian MIPS architecture:
      Size/MD5 checksum:    16016 ce2a3df355d3d874115cbf67aca0cade
      Size/MD5 checksum:   109546 b3dd10a3d05006200770637f24a9103f
      Size/MD5 checksum:   200526 a24f85cca08523fb180de3ae9c5090eb
      Size/MD5 checksum:    90654 0bc9f1a71761d74f73cc93e054884215
      Size/MD5 checksum:    59120 9927d4a872906890a43791f2fe2579ee
      Size/MD5 checksum:    67968 c1d289a27a3c1229533408dff970bb23
      Size/MD5 checksum:    54760 2e63ef2b9484054bb24d194f55d286e6
      Size/MD5 checksum:   182464 a67792eee411ce6d55496303a776b3b4
      Size/MD5 checksum:   590744 ca79710d887fa76a78c19e248f4a2ee5

  PowerPC architecture:
      Size/MD5 checksum:    16012 e60ef7db0805bdaec95fe51c765157e1
      Size/MD5 checksum:   109692 21c091ec248ddd2e68be23e069afeb9e
      Size/MD5 checksum:   196256 f22de6b994c3b04218b99ec04d6f2e89
      Size/MD5 checksum:    91038 ab830c1ace1ed862494368627568ca7c
      Size/MD5 checksum:    60334 bb3342c972d9b945e6330e998c12a48d
      Size/MD5 checksum:    67878 56449e1a43d7dc0fbb6922505d1a77ff
      Size/MD5 checksum:    55134 5bba23ac17e17a39d60dd9dd0f98086c
      Size/MD5 checksum:   172386 8d62ffd1fad186ddba17d6ddbe4185a9
      Size/MD5 checksum:   592356 40c0d9e06176c89d8f321514e80c60bc

  IBM S/390 architecture:
      Size/MD5 checksum:    16016 3f336948d846b74a65e6caf93312f4d3
      Size/MD5 checksum:   104590 db7bdcbdee19d89335ed526ffb48ba05
      Size/MD5 checksum:   177148 6fbe6c2d37ab31a8d67b1f096b86820e
      Size/MD5 checksum:    82344 aef7e67405dee3c5d274903f6eae0aae
      Size/MD5 checksum:    54012 8ff5a6d7690300d795c3b3e65e1fb91d
      Size/MD5 checksum:    63390 512cced91f0a35de3b2abf993987e8f6
      Size/MD5 checksum:    49582 84980b91ee2c06ea4074bc14d6ea46d1
      Size/MD5 checksum:   152376 6910874c9685b5eb0edec47adfb36dd3
      Size/MD5 checksum:   518220 e588a8de7cd44851d96ecf2643b8cc37

  Sun Sparc architecture:
      Size/MD5 checksum:    16012 3b5eb251bd613cc3bb5bacd9712bf311
      Size/MD5 checksum:   107216 582fa89a2dce75cd3d83c5c0a2f3d6ab
      Size/MD5 checksum:   189996 16a3e141b002694be72130b7a94adbe9
      Size/MD5 checksum:    88710 5ac67170e1e2c55ed2b8c79ed222f7fc
      Size/MD5 checksum:    58438 224e96ca4e6a81321cc10c496d17cc55
      Size/MD5 checksum:    66122 fee851568972ae11df770fdd93d9d39b
      Size/MD5 checksum:    53316 8dd03fcedd9c49b7fe6ca4b135e67a70
      Size/MD5 checksum:   165450 cf2b7d9b8d7f3a2ac796544eadc6be98
      Size/MD5 checksum:   578782 cc27d78b7a21e27de95dcd1da5656ed0

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.1 (GNU/Linux)


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email:
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.