oss-sec mailing list archives
PowerDNS Security Advisory 2018-02
From: Remi Gacogne <remi.gacogne () powerdns com>
Date: Wed, 9 May 2018 10:15:31 +0200
Hello everybody, We released PowerDNS Authoritative 4.1.2 yesterday, fixing a security issue (CVE-2018-1046) affecting the dnsreplay tool included with it. Versions of dnsreplay from 4.0.0 up to and including 4.1.1 are vulnerable. The full security advisory can be found below and at https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html The issue is a stack-based buffer overflow occurring when replaying a specially crafted PCAP file with the `--ecs-stamp` option enabled, leading to a denial of service or potentially arbitrary code execution. Regardless of this issue, we do not advise the use of dnsreplay with untrusted PCAP files. The commit fixing the issue can be found here: https://github.com/PowerDNS/pdns/commit/f9c57c98da1b1007a51680629b667d57d9b702b8 We would like to thank Wei Hao for finding and subsequently reporting this issue. Please feel free to contact me directly if you have any question. Best regards, Remi and the PowerDNS team PowerDNS Security Advisory 2018-02: Buffer overflow in dnsreplay ================================================================ - CVE: CVE-2018-1046 - Date: May 8th 2018 - Credit: Wei Hao - Affects: dnsreplay from 4.0.0 up to and including 4.1.1 - Not affected: dnsreplay 3.4.11, 4.1.2 - Severity: High - Impact: Arbitrary code execution - Exploit: This problem can be triggered via a crafted PCAP file - Risk of system compromise: Yes - Solution: Upgrade to a non-affected version An issue has been found in the dnsreplay tool provided with PowerDNS Authoritative, where replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the `--ecs-stamp` option of dnsreplay is used. Regardless of this issue, the use of dnsreplay with untrusted PCAP files is not advised. This issue has been assigned CVE-2018-1046 by Red Hat. PowerDNS Authoritative from 4.0.0 up to and including 4.1.1 is affected. We would like to thank Wei Hao for finding and subsequently reporting this issue.
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- PowerDNS Security Advisory 2018-02 Remi Gacogne (May 09)