| | 127 | </sect2> |
| | 128 | <sect2 id="changelog-recursor-3-1-7-2"><title>Recursor version 3.1.7.2</title> |
| | 129 | <para> |
| | 130 | <warning> |
| | 131 | <para> |
| | 132 | Released on the 6th of January 2010. |
| | 133 | </para> |
| | 134 | </warning> |
| | 135 | </para> |
| | 136 | <para> |
| | 137 | This release consist of a number of vital security updates. These updates address issues |
| | 138 | that can in all likelihood lead to a full system compromise. In addition, it is possible for |
| | 139 | third parties to pollute your cache with dangerous data, exposing your users to possible harm. |
| | 140 | </para> |
| | 141 | <para> |
| | 142 | This version has been well tested, and at the time of this release is already powering millions |
| | 143 | of internet connections, and should therefore be a risk-free upgrade from 3.1.7.1 or any earlier |
| | 144 | version of the PowerDNS Recursor. |
| | 145 | </para> |
| | 146 | <para> |
| | 147 | All known versions of the PowerDNS Recursor are impacted to a greater or lesser extent, so an immediate update is advised. |
| | 148 | </para> |
| | 149 | <para> |
| | 150 | These vulnerabilities were discovered by a third party that can't yet be named, |
| | 151 | but who we thank for their contribution to a more secure PowerDNS Recursor. |
| | 152 | </para> |
| | 153 | <para> |
| | 154 | For more information, see <xref linkend="powerdns-advisory-2010-01"> and <xref linkend="powerdns-advisory-2010-02">. |
| | 155 | </para> |
| | 7003 | </para> |
| | 7004 | </sect1> |
| | 7005 | <sect1 id="powerdns-advisory-2010-01"> |
| | 7006 | <title>PowerDNS Security Advisory 2010-01: PowerDNS Recursor up to and including 3.1.7.1 can be brought down and probably exploited</title> |
| | 7007 | <para> |
| | 7008 | <table> |
| | 7009 | <title>PowerDNS Security Advisory</title> |
| | 7010 | <tgroup cols=2> |
| | 7011 | <tbody> |
| | 7012 | <row> |
| | 7013 | <entry> |
| | 7014 | CVE |
| | 7015 | </entry> |
| | 7016 | <entry> |
| | 7017 | CVE-2009-4009 |
| | 7018 | </entry> |
| | 7019 | </row> |
| | 7020 | <row> |
| | 7021 | <entry> |
| | 7022 | Date |
| | 7023 | </entry> |
| | 7024 | <entry> |
| | 7025 | 6th of January 2010 |
| | 7026 | </entry> |
| | 7027 | </row> |
| | 7028 | <row> |
| | 7029 | <entry> |
| | 7030 | Affects |
| | 7031 | </entry> |
| | 7032 | <entry> |
| | 7033 | PowerDNS Recursor 3.1.7.1 and earlier |
| | 7034 | </entry> |
| | 7035 | </row> |
| | 7036 | <row> |
| | 7037 | <entry> |
| | 7038 | Not affected |
| | 7039 | </entry> |
| | 7040 | <entry> |
| | 7041 | No versions of the PowerDNS Authoritative ('pdns_server') are affected. |
| | 7042 | </entry> |
| | 7043 | </row> |
| | 7044 | <row> |
| | 7045 | <entry> |
| | 7046 | Severity |
| | 7047 | </entry> |
| | 7048 | <entry> |
| | 7049 | Critical |
| | 7050 | </entry> |
| | 7051 | </row> |
| | 7052 | <row> |
| | 7053 | <entry> |
| | 7054 | Impact |
| | 7055 | </entry> |
| | 7056 | <entry> |
| | 7057 | Denial of Service, possible full system compromise |
| | 7058 | </entry> |
| | 7059 | </row> |
| | 7060 | <row> |
| | 7061 | <entry> |
| | 7062 | Exploit |
| | 7063 | </entry> |
| | 7064 | <entry> |
| | 7065 | Withheld |
| | 7066 | </entry> |
| | 7067 | </row> |
| | 7068 | <row> |
| | 7069 | <entry> |
| | 7070 | Solution |
| | 7071 | </entry> |
| | 7072 | <entry> |
| | 7073 | Upgrade to PowerDNS Recursor 3.1.7.2 or higher |
| | 7074 | </entry> |
| | 7075 | </row> |
| | 7076 | <row> |
| | 7077 | <entry> |
| | 7078 | Workaround |
| | 7079 | </entry> |
| | 7080 | <entry> |
| | 7081 | None. The risk of exploitation or denial of service can be decreased slightly by using the 'allow-from' setting to only provide service to known users. The risk of a full system |
| | 7082 | compromise can be reduced by running with a suitable reduced privilege user and group settings, and possibly chroot environment. |
| | 7083 | </entry> |
| | 7084 | </row> |
| | 7085 | </tbody> |
| | 7086 | </tgroup> |
| | 7087 | </table> |
| | 7088 | </para> |
| | 7089 | <para> |
| | 7090 | Using specially crafted packets, it is possible to force a buffer overflow in the PowerDNS Recursor, leading to a crash. |
| | 7091 | </para> |
| | 7092 | <para> |
| | 7093 | This vulnerability was discovered by a third party that (for now) prefers not to be named. PowerDNS is very grateful however for their help in |
| | 7094 | improving PowerDNS security. |
| | 7095 | </para> |
| | 7096 | </sect1> |
| | 7097 | <sect1 id="powerdns-advisory-2010-02"> |
| | 7098 | <title>PowerDNS Security Advisory 2010-02: PowerDNS Recursor up to and including 3.1.7.1 can be spoofed into accepting bogus data</title> |
| | 7099 | <para> |
| | 7100 | <table> |
| | 7101 | <title>PowerDNS Security Advisory</title> |
| | 7102 | <tgroup cols=2> |
| | 7103 | <tbody> |
| | 7104 | <row> |
| | 7105 | <entry> |
| | 7106 | CVE |
| | 7107 | </entry> |
| | 7108 | <entry> |
| | 7109 | CVE-2009-4010 |
| | 7110 | </entry> |
| | 7111 | </row> |
| | 7112 | <row> |
| | 7113 | <entry> |
| | 7114 | Date |
| | 7115 | </entry> |
| | 7116 | <entry> |
| | 7117 | 6th of January 2010 |
| | 7118 | </entry> |
| | 7119 | </row> |
| | 7120 | <row> |
| | 7121 | <entry> |
| | 7122 | Affects |
| | 7123 | </entry> |
| | 7124 | <entry> |
| | 7125 | PowerDNS Recursor 3.1.7.1 and earlier |
| | 7126 | </entry> |
| | 7127 | </row> |
| | 7128 | <row> |
| | 7129 | <entry> |
| | 7130 | Not affected |
| | 7131 | </entry> |
| | 7132 | <entry> |
| | 7133 | No versions of the PowerDNS Authoritative ('pdns_server') are affected. |
| | 7134 | </entry> |
| | 7135 | </row> |
| | 7136 | <row> |
| | 7137 | <entry> |
| | 7138 | Severity |
| | 7139 | </entry> |
| | 7140 | <entry> |
| | 7141 | High |
| | 7142 | </entry> |
| | 7143 | </row> |
| | 7144 | <row> |
| | 7145 | <entry> |
| | 7146 | Impact |
| | 7147 | </entry> |
| | 7148 | <entry> |
| | 7149 | Using smart techniques, it is possible to fool the PowerDNS Recursor into accepting unauthorized data |
| | 7150 | </entry> |
| | 7151 | </row> |
| | 7152 | <row> |
| | 7153 | <entry> |
| | 7154 | Exploit |
| | 7155 | </entry> |
| | 7156 | <entry> |
| | 7157 | Withheld |
| | 7158 | </entry> |
| | 7159 | </row> |
| | 7160 | <row> |
| | 7161 | <entry> |
| | 7162 | Solution |
| | 7163 | </entry> |
| | 7164 | <entry> |
| | 7165 | Upgrade to PowerDNS Recursor 3.1.7.2 or higher |
| | 7166 | </entry> |
| | 7167 | </row> |
| | 7168 | <row> |
| | 7169 | <entry> |
| | 7170 | Workaround |
| | 7171 | </entry> |
| | 7172 | <entry> |
| | 7173 | None. |
| | 7174 | </entry> |
| | 7175 | </row> |
| | 7176 | </tbody> |
| | 7177 | </tgroup> |
| | 7178 | </table> |
| | 7179 | </para> |
| | 7180 | <para> |
| | 7181 | Using specially crafted zones, it is possible to fool the PowerDNS Recursor into accepting bogus data. This data might be harmful to your users. |
| | 7182 | An attacker would be able to divert data from, say, bigbank.com to an IP address of his choosing. |
| | 7183 | </para> |
| | 7184 | <para> |
| | 7185 | This vulnerability was discovered by a third party that (for now) prefers not to be named. PowerDNS is very grateful however for their help in |
| | 7186 | improving PowerDNS security. |
