Debian Security Advisory
DSA-2385-1 pdns -- packet loop
- Date Reported:
- 10 Jan 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-0206.
- More information:
Ray Morris discovered that the PowerDNS authoritative server responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.
For the oldstable distribution (lenny), this problem has been fixed in version 18.104.22.168-1+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 2.9.22-8+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your pdns packages.