Debian Security Advisory

DSA-1968-1 pdns-recursor -- several vulnerabilities

Date Reported:
08 Jan 2010
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2009-4009, CVE-2009-4010.
More information:

It was discovered that pdns-recursor, the PowerDNS recursive name server, contains several vulnerabilities:

  • CVE-2009-4009

    A buffer overflow can be exploited to crash the daemon, or potentially execute arbitrary code.

  • CVE-2009-4010

    A cache poisoning vulnerability may allow attackers to trick the server into serving incorrect DNS data.

For the oldstable distribution (etch), fixed packages will be provided soon.

For the stable distribution (lenny), these problems have been fixed in version 3.1.7-1+lenny1.

For the unstable distribution (sid), these problems have been fixed in version

We recommend that you upgrade your pdns-recursor package.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Intel IA-32:
Intel IA-64:
IBM S/390:

MD5 checksums of the listed files are available in the original advisory.