Re: PowerDNS Security Advisory 2014-02

[Peter van Dijk <peter.van.dijk () netherlabs nl>]

Hello Hanno,

On 08 Dec 2014, at 23:26 , Hanno Böck <hanno () hboeck de> wrote:

> Thanks for the info.
>
> Right now details on this vuln seem to be scarce. I asked myself some
> questions, but I don't know DNS internals very well.

These two articles from NLNetlabs and ISC might help, they are more verbose than ours:
http://www.unbound.net/downloads/CVE-2014-8602.txt
https://kb.isc.org/article/AA-01216

I’m happy to answer followup questions.

> As this affects three implementations the obvious first question would
> be if others are affected, too. Has this been checked?

Somebody asked me to (help him) check djbdns today, which we’ll do. Any other implementations you are interested in? I 
have a lab setup for this issue so I’m happy to check.

> And is this only a DoS for the attacked server or would it also allow
> some completely new kind of DNS reflection attack (i.e. generating a
> loop where every loop iteration generates an UDP packet send to a
> victim)?

I’m convinced the loop could involve unwilling victims (unless they send responses that break the loop!), but I have 
not tried this in practice.

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail