CVE-2005-2301
CVSS 5.0
Published: 2005-07-19 00:00:00
Last revised: 2016-10-17 23:26:16

[Original text] PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.


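[CNNVD] PowerDNS LDAP query denial-of-service vulnerability (CNNVD-200507-237)

        PowerDNS is a cross-platform, open-source DNS server component.
        Versions of PowerDNS before 2.9.18 contain a denial-of-service vulnerability.
        When running with an LDAP backend, LDAP queries are not properly escaped, so a remote attacker can cause a denial of service (failure to answer LDAP questions) and possibly conduct an LDAP injection attack.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)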

cpe:/a:powerdns:powerdns:2.9.13
cpe:/a:powerdns:powerdns:2.9.12
cpe:/a:powerdns:powerdns:2.9.11
cpe:/a:powerdns:powerdns:2.9.10
cpe:/a:powerdns:powerdns:2.9.6
cpe:/a:powerdns:powerdns:2.9.5
cpe:/a:powerdns:powerdns:2.9.8
cpe:/a:powerdns:powerdns:2.9.7
cpe:/a:powerdns:powerdns:2.9.3a
cpe:/a:powerdns:powerdns:2.9.0
cpe:/a:powerdns:powerdns:2.9.2
cpe:/a:powerdns:powerdns:2.9.1
cpe:/a:powerdns:powerdns:2.9.4
cpe:/a:powerdns:powerdns:2.9.17
cpe:/a:powerdns:powerdns:2.9.16
cpe:/a:powerdns:powerdns:2.9.15
cpe:/a:powerdns:powerdns:2.9.14

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2301
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2301
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-237
(Official data source) CNNVD

- Other links and resources

http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
(UNKNOWN)  CONFIRM  http://doc.powerdns.com/changelog.html#CHANGELOG-2-9-18
http://marc.info/?l=bugtraq&m=112155941310297&w=2
(UNKNOWN)  BUGTRAQ  20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP
http://securitytracker.com/id?1014504
(UNKNOWN)  SECTRACK  1014504
http://www.novell.com/linux/security/advisories/2005_19_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:019
http://www.securityfocus.com/bid/14290
(UNKNOWN)  BID  14290

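- Vulnerability information

PowerDNS LDAP query denial-of-service vulnerability
Medium risk  Input validation
2005-07-19 00:00:00 2005-10-20 00:00:00
Remote
        PowerDNS is a cross-platform, open-source DNS server component.
        Versions of PowerDNS before 2.9.18 contain a denial-of-service vulnerability.
        When running with an LDAP backend, LDAP queries are not properly escaped, so a remote attacker can cause a denial of service (failure to answer LDAP questions) and possibly conduct an LDAP injection attack.

- Advisories and patches

        The vendor has released an upgrade that fixes this security issue. The patch is available at:
        http://www.powerdns.com/

- Vulnerability information (F39037)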

Debian Linux Security Advisory 771-1 (PacketStormID:F39037)
2005-08-05 00:00:00
Debian  security.debian.org
advisory,denial of service
linux,debian
CVE-2005-2301,CVE-2005-2302

Debian Security Advisory DSA 771-1 - Several problems have been discovered in pdns, a versatile nameserver that can lead to a denial of service.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 771-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 1st, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : pdns
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2301 CAN-2005-2302
Debian Bug     : 318798

Several problems have been discovered in pdns, a versatile nameserver
that can lead to a denial of service.  The Common Vulnerabilities and
Exposures project identifies the following problems:

CAN-2005-2301

    Norbert Sendetzky and Jan de Groot discovered that the LDAP backend
    did not properly escape all queries, allowing it to fail and not
    answer queries anymore.

CAN-2005-2302

    Wilco Baan discovered that queries from clients without recursion
    permission can temporarily blank out domains to clients with
    recursion permitted.  This enables outside users to blank out a
    domain temporarily to normal users.

The old stable distribution (woody) does not contain pdns packages.

For the stable distribution (sarge) these problems have been fixed in
version 2.9.17-13sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 2.9.18-1.

We recommend that you upgrade your pdns package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC7ep8W5ql+IAeqTIRAr5/AJ0Woa+hBlJuGSpyJMN//zx2jNfgEACgqw+a
067lxtljzkzkKI/sdrLqljU=
=WBt7
-----END PGP SIGNATURE-----

    

- Vulnerability information

18003
PowerDNS LDAP Backend Unspecified Query Filter Issue
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-07-16 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.9.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

PowerDNS LDAP Backend Query Escape Failure Vulnerability
Input Validation Error 14290
Yes No
2005-07-17 12:00:00 2009-07-12 04:06:00
Credited to Norbert Sendetzky and Jan de Groot.

- Affected software versions

S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
PowerDNS PowerDNS 2.9.17
+ Gentoo Linux
PowerDNS PowerDNS 2.9.16
PowerDNS PowerDNS 2.9.15
+ Gentoo Linux
PowerDNS PowerDNS 2.8
PowerDNS PowerDNS 2.0 RC1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
PowerDNS PowerDNS 2.9.18

- Unaffected software versions

PowerDNS PowerDNS 2.9.18

- Vulnerability discussion

The PowerDNS LDAP back-end did not adequately escape requests prior to version 2.9.18. As a result, it was possible for requests to fail without answering questions. This may have security implications in environments where PowerDNS and LDAP are used. The vendor has fixed this in version 2.9.18.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released a new version, PowerDNS 2.9.18. It is available at http://www.powerdns.com.

Debian GNU/Linux has released advisory DSA 771-1 to address this issue. Please see the referenced advisory for further information.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced
advisory for further information.

SUSE has released a security summary report (SUSE-SR:2005:019) addressing this and other issues. Please see the referenced advisory for further information.


PowerDNS PowerDNS 2.9.17

- Related references
