Bug 747835 (CVE-2012-1193) - VUL-0: CVE-2012-1193: pdns-recursor: Deleted / ghost domain names resolving flaw
Summary: VUL-0: CVE-2012-1193: pdns-recursor: Deleted / ghost domain names resolving flaw
Status: RESOLVED FIXED
Alias: CVE-2012-1193
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Vladimir Nadvornik
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-20 08:55 UTC by Matthias Weckbecker
Modified: 2015-03-30 11:19 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Weckbecker 2012-02-20 08:55:11 UTC 
"The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached
server names and TTL values in NS records during the processing of a response
to an A record query, which allows remote attackers to trigger continued
resolvability of revoked domain names via a "ghost domain names" attack.",

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1193
Comment 2 Sebastian Krahmer 2012-04-17 13:46:25 UTC 
any progress here?
Comment 3 Matthias Weckbecker 2012-08-16 13:50:20 UTC 
(In reply to comment #2)
> any progress here?

Yes, while listing to some music and actually *reading* the paper, I believe it
is fixed by [1]. Basically, it boils down to what's recommended in the paper as
"3rd mitigation solution" in chpt. 5.1.

[1] http://wiki.powerdns.com/trac/changeset?&old=2413&new=2414
[2] https://www.isc.org/files/imce/ghostdomain_camera.pdf
Comment 4 Johannes Segitz 2015-03-30 11:19:30 UTC 
fixed in current openSUSE versions. Not in SLES