CWE: 399

CVE-2012-0206

First published: Mon Jan 09 2012

<a href="http://mailman.powerdns.com/pipermail/pdns-announce/2012-January/000151.html">http://mailman.powerdns.com/pipermail/pdns-announce/2012-January/000151.html</a> says:

----

Tomorrow (Tuesday the 10th of January) at 9AM eastern time, 15:00 Central European Time, we will be releasing an important PowerDNS Security Advisory.

This Advisory contains details of a Denial of Service issue within all currently used versions of the PowerDNS Authoritative Server.

We will be releasing:

* A configuration based workaround, which might have a performance penalty
* An iptables based workaround
* Versions 2.9.22.5 and 3.0.1 of the Authoritative Server
  As source code
  Packages (static 32 bit and 64 bit for Debian and RPM based Linux distributions)
* A one-line patch that solves the issue for source based users
* Complete details of the problem

The denial of service attack is temporary in nature, but can be performed using limited resources. There is no risk of a system compromise because of this attack.

This pre-announcement is made to allow operators to schedule a maintenance window to possibly upgrade or modify their systems.

If you anticipate requiring help upgrading your affected systems, please contact powerdns.support at netherlabs.nl.

Some more details:

CVE: <a href="https://access.redhat.com/security/cve/CVE-2012-0206">CVE-2012-0206</a>
Date: 10th of January 2012
Affects: Most PowerDNS Authoritative Server versions < 3.0.1 (with the exception of 2.9.22.5)
Not affected: No versions of the PowerDNS Recursor ('pdns_recursor') are affected.
Severity: High
Impact: Temporary denial of service
Exploit: Proof of concept
Risk of system compromise: No
Solution: Upgrade to PowerDNS Recursor 2.9.22.5 or 3.0.1
Workaround: Several

----

I think it would be good to upgrade the EPEL package to 2.9.22.5 once it is released tomorrow to protect users of the package from this vulnerability.

Credit: security@debian.org

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| PowerDNS Authoritative Server | <=2.9.22 | |
| PowerDNS Authoritative Server | =3.0 | |
| redhat/pdns | <2.9.22.6-1.el6 | 2.9.22.6-1.el6 |
