Bug 954402 (CVE-2015-5311) - VUL-0: CVE-2015-5311: pdns: packet parsing bug can lead to crashes (DoS)
Status: RESOLVED FIXED
Alias: CVE-2015-5311
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Normal
Target Milestone: ---
Assignee: Adam Majer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/158679/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-10 08:41 UTC by Sebastian Krahmer
Modified: 2016-12-09 20:07 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Sebastian Krahmer 2015-11-10 08:41:52 UTC
Via oss-sec:

We'd like to make you aware of PowerDNS Security Advisory 2015-3[1].

* CVE: CVE-2015-5311
* Date: November 9th 2015
* Credit: Christian Hofstaedtler
* Affects: PowerDNS Authoritative Server 3.4.4 through 3.4.6
* Not affected: PowerDNS Authoritative Server 3.3.x and 3.4.7 and up
* Severity: High
* Impact: Degraded service or Denial of service
* Exploit: This problem can be triggered by sending specially crafted
  query packets
* Risk of system compromise: No
* Solution: Upgrade to a non-affected version
* Workaround: run the process inside the guardian or inside a supervisor

A bug was found using `afl-fuzz` in our packet parsing code. This bug,
when exploited, causes an assertion error and consequent termination
of the `pdns_server` process, causing a Denial of Service.

When the PowerDNS Authoritative Server is run inside the guardian
(`--guardian`), or inside a supervisor like supervisord or systemd, it
will be automatically restarted, limiting the impact to a somewhat
degraded service.

PowerDNS Authoritative Server 3.4.4 - 3.4.6 are affected. No other
versions are affected. The PowerDNS Recursor is not affected.

PowerDNS Authoritative Server 3.4.7 contains a fix to this issue. A
minimal patch is available [2].

This issue is unrelated to the issues in our previous two Security
Announcements 2015-01 and 2015-02.

We'd like to thank Christian Hofstaedtler of Deduktiva GmbH for
finding and reporting this issue.

1 - https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/
2 - https://downloads.powerdns.com/patches/2015-03/
-- 
Pieter Lexis

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1279377
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5311
http://seclists.org/oss-sec/2015/q4/239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5311
Comment 2 Swamp Workflow Management 2015-11-10 23:00:26 UTC
bugbot adjusting priority
Comment 3 Bernhard Wiedemann 2016-11-30 17:00:17 UTC
This is an autogenerated message for OBS integration:
This bug (954402) was mentioned in
https://build.opensuse.org/request/show/442927 42.1 / pdns
Comment 4 Andreas Stieger 2016-12-09 16:22:32 UTC
release
Comment 5 Swamp Workflow Management 2016-12-09 20:07:28 UTC
openSUSE-SU-2016:3074-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 954402
CVE References: CVE-2015-5311
Sources used:
openSUSE Leap 42.1 (src):    pdns-3.4.6-9.2
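
An added example (not part of the bug report or the PowerDNS advisory): a Python check for a package inventory that applies the advisory's affected range, 3.4.4 through 3.4.6, and treats the openSUSE Leap 42.1 build pdns-3.4.6-9.2 named in the update notice as carrying the fix, so a plain upstream-version comparison does not flag it. The function names, the inventory entries, the numeric release comparison and the rule that earlier Leap 42.1 releases are unpatched are assumptions.

```python
import re

# Upstream range from the advisory: 3.4.4 through 3.4.6 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (3, 4, 4), (3, 4, 6)

# Distro builds that ship the fix on an affected upstream version.
# From the update notice on this page: openSUSE Leap 42.1, pdns-3.4.6-9.2.
# Assumption: earlier releases of that package are unpatched.
BACKPORTED = {"openSUSE Leap 42.1": ((3, 4, 6), (9, 2))}

_NVR = re.compile(r"^(?:pdns-)?(\d+(?:\.\d+)*)(?:-(\d+(?:\.\d+)*))?$")


def _nums(text):
    return tuple(int(part) for part in text.split("."))


def parse(pkg):
    """Split 'pdns-3.4.6-9.2' or '3.4.6' into (version, release) tuples."""
    m = _NVR.match(pkg.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {pkg!r}")
    return _nums(m.group(1)), (_nums(m.group(2)) if m.group(2) else None)


def status(pkg, distro=None):
    """Classify one installed pdns package against CVE-2015-5311."""
    version, release = parse(pkg)
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not affected"
    fix = BACKPORTED.get(distro)
    # Simplification: releases are compared as dotted integers.
    if fix and release is not None and version == fix[0] and release >= fix[1]:
        return "patched (backport)"
    return "affected"


if __name__ == "__main__":
    # Constructed inventory entries, for illustration only.
    inventory = [
        ("ns1", "3.4.6", None),
        ("ns2", "pdns-3.4.6-9.2", "openSUSE Leap 42.1"),
        ("ns3", "pdns-3.4.6-9.1", "openSUSE Leap 42.1"),
        ("ns4", "3.4.7", None),
        ("ns5", "3.3.1", None),
    ]
    for host, pkg, distro in inventory:
        print(f"{host}: {pkg} -> {status(pkg, distro)}")
```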