Debians sikkerhedsbulletin

DSA-771-1 pdns -- flere sårbarheder

Rapporteret den:

1. aug 2005

Berørte pakker:

pdns

Sårbar:

Referencer i sikkerhedsdatabaser:

I Debians fejlsporingssystem: Fejl 318798.
I Mitres CVE-ordbog: CVE-2005-2301, CVE-2005-2302.

Yderligere oplysninger:

Flere problemer er opdaget i pdns, en alsidig navneserver, som kunne medføre et lammelsesangreb. Projektet Common Vulnerabilities and Exposures har fundet frem til følgende problemer:

CAN-2005-2301
Norbert Sendetzky og Jan de Groot har opdaget at LDAP-backend'en ikke indkapslede alle forespørgsler på korrekt vis, hvilket fik den til at fejle og ikke længere besvare forespørgsler.
CAN-2005-2302
Wilco Baan har opdaget at forespørgsler fra klienter uden rekursionsrettigheder, midlertidigt kunne få domæner til at forsvinde for klienter hvor rekursion var tilladt. Dette gjorde det muligt for udefra kommende brugere at få et domæne til at forsvinde midlertidigt for almindelige brugere.

Den gamle stabile distribution (woody) indeholder ikke pakken pdns.

I den stabile distribution (sarge) er disse problemer rettet i version 2.9.17-13sarge1.

I den ustabile distribution (sid) er disse problemer rettet i version 2.9.18-1.

Vi anbefaler at du opgraderer din pdns-pakke.

Rettet i:

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1.dsc; http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1.diff.gz; http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17.orig.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.17-13sarge1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.