Säkerhetsbulletin från Debian

DSA-771-1 pdns -- flera sårbarheter

Rapporterat den:

2005-08-01

Berörda paket:

pdns

Sårbara:

Referenser i säkerhetsdatabaser:

I Debians felrapporteringssystem: Fel 318798.
I Mitres CVE-förteckning: CVE-2005-2301, CVE-2005-2302.

Ytterligare information:

Flera problem har upptäckts i pdns, en duktig namnserver, vilka kan utnyttjas till en överbelastningsattack. Projektet Common Vulnerabilities and Exposures project identifierar följande problem:

CAN-2005-2301
Norbert Sendetzky och Jan de Groot upptäckte att LDAP-funktionerna inte korrekt ersatte specialtecken i alla frågor, vilket gjorde att den kunde sluta fungera och inte längre ta emot förfrågningar.
CAN-2005-2302
Wilco Baan upptäckte att förfrågningar från klienter som inte tillåts rekursion tillfälligt kan blanka ut domäner till klienter som tillåts tillgång till rekursion. Detta gör det möjligt för användare utifrån att tillfälligt blanka ut en domän för normala användare.

Den gamla stabila utgåvan (Woody) innehåller inte något pdns-paket.

För den stabila utgåvan (Sarge) har dessa problem rättats i version 2.9.17-13sarge1.

För den instabila utgåvan (Sid) har dessa problem rättats i version 2.9.18-1.

Vi rekommenderar att ni uppgraderar ert pdns-paket.

Rättat i:

Debian GNU/Linux 3.1 (sarge)

Källkod:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1.dsc; http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1.diff.gz; http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17.orig.tar.gz
Arkitekturoberoende komponent:: http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.17-13sarge1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.