[Pdns-users] Pre-announcement of PowerDNS Security Advisory 2012-01 to be released on the 10th of January

bert hubert bert.hubert at netherlabs.nl
Mon Jan 9 07:27:11 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear PowerDNS users,

Tomorrow (Tuesday the 10th of January) at 9AM eastern time, 15:00 Central
European Time, we will be releasing an important PowerDNS Security Advisory.

This Advisory contains details of a Denial of Service issue within all
currently used versions of the PowerDNS Authoritative Server.

We will be releasing:
	* A configuration based workaround, which might have a performance
	  penalty

	* An iptables based workaround

	* Versions 2.9.22.5 and 3.0.1 of the Authoritative Server
		As source code
		Packages (static 32 bit and 64 bit for Debian and RPM based
		Linux distributions)

	* A one-line patch that solves the issue for source based users

	* Complete details of the problem

The denial of service attack is temporary in nature, but can be performed
using limited resources. There is no risk of a system compromise because of
this attack.

This pre-announcement is made to allow operators to schedule a maintenance
window to possibly upgrade or modify their systems.

If you anticipate requiring help upgrading your affected systems, please
contact powerdns.support at netherlabs.nl.

Some more details:
CVE: CVE-2012-0206
Date: 10th of January 2012

Affects: Most PowerDNS Authoritative Server versions < 3.0.1 (with the 
exception of 2.9.22.5)

Not affected: No versions of the PowerDNS Recursor ('pdns_recursor') are
affected.

Severity: High
Impact: Temporary denial of service
Exploit: Proof of concept
Risk of system compromise: No
Solution: Upgrade to PowerDNS Recursor 2.9.22.5 or 3.0.1
Workaround: Several

Kind regards,

Bert Hubert
Netherlabs
- -- 
PowerDNS Website: http://www.powerdns.com/
PowerDNS Community Website: http://wiki.powerdns.com/
PowerDNS Support & Development is provided by Netherlabs Computer Consulting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk8Kls4ACgkQHF7pkNLnFXXdNwCgiWBvUnrlFbwkVDD30q691noQ
qzMAn3cuNd/ErnTqudniE8M/fFYmW56Y
=wRvu
-----END PGP SIGNATURE-----



More information about the Pdns-users mailing list