[Pdns-users] Attack scope clarification, Ubuntu PowerDNS Recursor Updates + need to restart

allied internet ag- Stefan Priebe s.priebe at allied-internet.ag
Sat Jan 9 12:11:48 UTC 2010


What about Debian - there don't seem to be any updates at all... :-(

Stefan

bert hubert wrote:
> Dear PowerDNS Users,
> 
> Three important updates:
> 
> 1) To clarify, *ALL* PowerDNS Recursor installations are vulnerable to
> attack, even if you only provide service to trusted users! There is an
> attack vector through malicious authoritative servers.
> 
> 2) A reminder, some PowerDNS Packages do not automatically restart the
> PowerDNS Recursor when an upgrade is installed. To be on the safe side,
> restart your recursor manually.
> 
> 3) I'm happy to report that, contrary to initial indications, Ubuntu has in
> fact updated the PowerDNS Recursor for their recent distributions, and will
> be addressing their older versions too once we get round to shipping the
> patch to 3.1.4.
> 
> Many thanks to Imre Gergely, who mangled the patches for Ubuntu.
> 
> 	Bert
> 
> 
> On Wed, Jan 06, 2010 at 04:19:56PM +0100, bert hubert wrote:
>> The correct links to the .deb packages are:
>> http://downloads.powerdns.com/releases/deb/pdns-recursor_3.1.7.2-1_i386.deb
>> http://downloads.powerdns.com/releases/deb/pdns-recursor_3.1.7.2-1_amd64.deb
>>
>> Special 'upgrade option of last resort' (old systems)
>> -----------------------------------------------------
>> In addition, as a special service, we are also providing two precompiled
>> fully static Linux binaries as an 'upgrade option of last resort':
>>
>> http://downloads.powerdns.com/releases/pdns_recursor-3.1.7.2.amd64.static.executable
>> http://downloads.powerdns.com/releases/pdns_recursor-3.1.7.2.i386.static.executable
>>
>> These two binaries are suitable if our .deb or .rpm files somehow refuse to
>> load (which happens on RHEL version 3, for example).
>>
>> Download the appropriate executable, rename to pdns_recursor, set the
>> executable bit (chmod a+x pdns_recursor), and 'mv' the executable over
>> /usr/sbin/pdns_recursor.
>>
>> 	Bert
>>
>> On Wed, Jan 06, 2010 at 04:11:09PM +0100, bert hubert wrote:
>>> Dear PowerDNS Users,
>>>
>>> Two major vulnerabilities have recently been discovered in the PowerDNS
>>> Recursor (all versions up to and including 3.1.7.1). Over the past two
>>> weeks, these vulnerabilities have been addressed, resulting in PowerDNS
>>> Recursor 3.1.7.2.
>>>
>>> Given the nature and magnitude of these vulnerabilities, ALL PowerDNS
>>> RECURSOR USERS ARE URGED TO UPGRADE AT THEIR EARLIEST CONVENIENCE. No
>>> versions of the PowerDNS Authoritative Server are affected.
>>>
>>> PowerDNS Recursor 3.1.7.2 has been thoroughly tested, and has in fact been in
>>> production for a week at some major sites already.  No problems have been
>>> reported. 3.1.7.2 does not include anything other than security updates.
>>>
>>> The two major vulnerabilities can lead to a FULL SYSTEM COMPROMISE, as well
>>> as cache poisoning, connecting your users to possibly malicious IP addresses.
>>>
>>> These vulnerabilities were discovered by a third party that for now prefers
>>> not to be named. PowerDNS is however very grateful for their help. More
>>> details are available on:
>>> http://doc.powerdns.com/powerdns-advisory-2010-01.html
>>> http://doc.powerdns.com/powerdns-advisory-2010-02.html
>>>
>>> Debian, FreeBSD, Gentoo and SuSE are processing the changed packages, and
>>> will be releasing security updates shortly. Ubuntu does not provide security
>>> updates for PowerDNS, so Ubuntu users must take immediate action and
>>> download our packages.
>>>
>>> RHEL4/5, CentOS packages are available (care of Kees Monshouwer) here:
>>> http://www.monshouwer.eu/download/3th_party/pdns-recursor/
>>>
>>> Updated packages for .deb based systems are available here:
>>> http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.i386.rpm
>>> http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.x86_64.rpm
>>>
>>> Updated packages for .rpm based systems are available here:
>>> http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.i386.rpm
>>> http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.x86_64.rpm
>>>
>>> Source code is available here:
>>> http://downloads.powerdns.com/releases/pdns-recursor-3.1.7.2.tar.bz2
>>>
>>> If you need any help in upgrading, please do not hesitate to contact us.
>>>
>>> Kind regards,
>>>
>>>
>>> Bert Hubert
>> _______________________________________________
>> Pdns-announce mailing list
>> Pdns-announce at mailman.powerdns.com
>> http://mailman.powerdns.com/mailman/listinfo/pdns-announce
>>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
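An added example, not part of the original thread or of PowerDNS: one way to check the "restart your recursor manually" point on Linux, where a process whose binary was replaced on disk (by a package upgrade or by moving a new executable over /usr/sbin/pdns_recursor) shows a " (deleted)" suffix on its /proc/<pid>/exe link. The function names and the sample tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: find pdns_recursor processes still running a binary that has
# since been replaced on disk (upgrade installed, daemon not restarted).
# Assumption: Linux /proc semantics, where /proc/<pid>/exe reads
# "<path> (deleted)" once the file the process was started from is unlinked.

# stale_recursor_pids [PROC_ROOT] [NAME]
# Prints one PID per line. Returns 0 if any stale process was found, else 1.
stale_recursor_pids() {
    proc_root=${1:-/proc}
    name=${2:-pdns_recursor}
    found=1
    for exe in "$proc_root"/[0-9]*/exe; do
        # readlink fails for kernel threads and processes we may not inspect
        target=$(readlink "$exe" 2>/dev/null) || continue
        case $target in
            *" (deleted)") ;;      # on-disk file was replaced or removed
            *) continue ;;         # process runs the file currently on disk
        esac
        path=${target%" (deleted)"}
        [ "${path##*/}" = "$name" ] || continue
        pid=${exe%/exe}
        echo "${pid##*/}"
        found=0
    done
    return $found
}

# Constructed sample input: a fake /proc tree with four "processes".
build_sample_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303" "$1/404"
    ln -s "/usr/sbin/pdns_recursor (deleted)" "$1/101/exe"  # upgraded, not restarted
    ln -s "/usr/sbin/pdns_recursor" "$1/202/exe"            # restarted after upgrade
    ln -s "/usr/sbin/sshd (deleted)" "$1/303/exe"           # stale, but another daemon
    # 404 has no exe link, like a kernel thread
}

sample=$(mktemp -d)
build_sample_proc "$sample"
echo "recursor PIDs needing a restart (constructed sample):"
stale_recursor_pids "$sample" || echo "none"
rm -rf "$sample"
```

Against a live system, call `stale_recursor_pids` with no arguments as root; any PID it prints is a recursor still running the pre-upgrade code.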


