Bugzilla – Bug 987872
VUL-0: CVE-2016-6172: pdns: malicious primary DNS servers can crash secondaries
Last modified: 2017-01-05 12:29:12 UTC
via oss-sec http://seclists.org/oss-sec/2016/q3/19

"most DNS server implementations do not implement reasonable restrictions for zone sizes. This allows an explicitly configured primary DNS server for a zone to crash a secondary DNS server, affecting service of other zones hosted on the same secondary server."

from https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html

> * [ For [LT] Secondary DNS Service ]
>
> See https://github.com/sischkg/xfer-limit
>
> Most of authoritative DNS server softwares do not have size limit of
> zone transfer. He generated unlimited zone information at master
> server, and transferred to slave servers. BIND 9, knot DNS and Power
> DNS slave servers received unlimited zone information and died.
> NSD slave DNS server received unlimited zone data and /tmp became full.
>
> He generated zone transfer size limit patch for BIND 9, Knot, NSD,
> PowerDNS.

Third party patches at https://github.com/sischkg/xfer-limit

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6172
http://seclists.org/oss-sec/2016/q3/20

openSUSE only.
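The missing restriction described above, sketched as an added example (not code from pdns or from the sischkg/xfer-limit patches): a secondary-side reader for the length-prefixed DNS messages of a TCP zone transfer that stops once a byte or record cap is exceeded. The names `receive_axfr`, `TransferTooLarge` and `sample_stream` are hypothetical, and the transfer is assumed to end at end of stream rather than at the closing SOA record.

```python
import io
import struct

class TransferTooLarge(Exception):
    """Raised when an incoming zone transfer exceeds a configured cap."""

def _read_exact(stream, n):
    buf = stream.read(n)
    if len(buf) != n:
        raise EOFError("stream ended mid-message")
    return buf

def receive_axfr(stream, max_bytes, max_records):
    """Read 2-byte length-prefixed DNS messages (RFC 1035, 4.2.2) until EOF.

    Returns (messages, total_bytes, total_records). The byte cap is checked
    before a payload is read, so oversized data is never buffered.
    """
    messages, total_bytes, total_records = [], 0, 0
    while True:
        prefix = stream.read(2)
        if not prefix:
            break  # clean end of stream
        if len(prefix) != 2:
            raise EOFError("truncated length prefix")
        (length,) = struct.unpack("!H", prefix)
        if length < 12:
            raise ValueError("message shorter than a DNS header")
        total_bytes += length
        if total_bytes > max_bytes:
            raise TransferTooLarge(f"more than {max_bytes} bytes offered")
        msg = _read_exact(stream, length)
        # Header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (16 bits each)
        total_records += struct.unpack("!6H", msg[:12])[3]
        if total_records > max_records:
            raise TransferTooLarge(f"more than {max_records} records offered")
        messages.append(msg)
    return messages, total_bytes, total_records

def sample_stream(n_messages, ancount, filler_len):
    """Constructed input: framed messages with a DNS header and zero filler."""
    header = struct.pack("!6H", 0x1234, 0x8400, 0, ancount, 0, 0)
    msg = header + b"\x00" * filler_len
    framed = struct.pack("!H", len(msg)) + msg
    return io.BytesIO(framed * n_messages)
```

With a real connection the stream would be a buffered binary file object wrapped around the transfer socket, and the caps would come from per-zone configuration.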
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (987872) was mentioned in https://build.opensuse.org/request/show/417748 13.2+42.1 / pdns
thanks
openSUSE-SU-2016:2116-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 987872
CVE References: CVE-2016-6172
Sources used:
openSUSE Leap 42.1 (src): pdns-3.4.6-3.1
openSUSE 13.2 (src): pdns-3.3.1-2.6.1
all done, closing