发布时间 :2005-07-19 00:00:00
修订时间 :2016-10-17 23:26:16

[原文]PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.

[CNNVD]PowerDNS LDAP query 拒绝服务漏洞(CNNVD-200507-237)

        PowerDNS 是一个跨平台的开源DNS服务组件。
        PowerDNS 2.9.18之前的版本存在拒绝服务漏洞。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP
(UNKNOWN)  BID  14290

- 漏洞信息

PowerDNS LDAP query 拒绝服务漏洞
中危 输入验证
2005-07-19 00:00:00 2005-10-20 00:00:00
        PowerDNS 是一个跨平台的开源DNS服务组件。
        PowerDNS 2.9.18之前的版本存在拒绝服务漏洞。

- 公告与补丁


- 漏洞信息 (F39037)

Debian Linux Security Advisory 771-1 (PacketStormID:F39037)
2005-08-05 00:00:00
advisory,denial of service

Debian Security Advisory DSA 771-1 - Several problems have been discovered in pdns, a versatile nameserver that can lead to a denial of service.

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 771-1                                        Martin Schulze
August 1st, 2005              
- --------------------------------------------------------------------------

Package        : pdns
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2301 CAN-2005-2302
Debian Bug     : 318798

Several problems have been discovered in pdns, a versatile nameserver
that can lead to a denial of service.  The Common Vulnerabilities and
Exposures project identifies the following problems:


    Norbert Sendetzky and Jan de Groot discoverd that the LDAP backend
    did not properly escape all queries, allowing it to fail and not
    answer queries anymore.


    Wilco Baan discovered that queries from clients without recursion
    permission can temporarily blank out domains to clients with
    recursion permitted.  This enables outside users to blank out a
    domain temporarily to normal users.

The old stable distribution (woody) does not contain pdns packages.

For the stable distribution (sarge) these problems have been fixed in
version 2.9.17-13sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 2.9.18-1.

We recommend that you upgrade your pdns package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1018 0853a39aeb6b4d6c9ba001f364d842bc
      Size/MD5 checksum:    29798 4c0437b86c5e3ccbffa6838012dbaf74
      Size/MD5 checksum:   782592 92489391182dc40012f1de7b2005ea93

  Architecture independent components:
      Size/MD5 checksum:   134202 bedb1d7a9eece3f76de635c23b4535d7

  Alpha architecture:
      Size/MD5 checksum:    16016 621dbb1ae4cdf8dda2396f4013608042
      Size/MD5 checksum:   128188 f2d21705577ea2a5fd1aeead8126e991
      Size/MD5 checksum:   235340 40264b77c8d36138bda47468867d7aee
      Size/MD5 checksum:   110132 46d2d68a646b4a2235de180a32f54e8e
      Size/MD5 checksum:    70406 1156c4fe6d5df7b67f918b2c6aa8c328
      Size/MD5 checksum:    81188 0c222e749e764b497dcc84f57e286475
      Size/MD5 checksum:    63782 e598603835286d3347bfa27ac51c7031
      Size/MD5 checksum:   199978 5eecc516f56b5cdcaa73e79c02daedc6
      Size/MD5 checksum:   687108 ae808192faab151eb045c8e25f8c8683

  ARM architecture:
      Size/MD5 checksum:    16026 939a3fb962ca170f622af16a82cf3549
      Size/MD5 checksum:   153700 3d678c9dd2d26015a8891fe1246cb85e
      Size/MD5 checksum:   318412 b249e42dac179db588c65cf20f2583a2
      Size/MD5 checksum:   148498 5e6d21db1505f5477ee5acf1bc0486bf
      Size/MD5 checksum:    95668 0cfd34b907b705428c60cd9871492e2d
      Size/MD5 checksum:   104304 dccbfd9c8c82e8b2a68aa1a916473dff
      Size/MD5 checksum:    85552 1f6f5a3cf8724b17b75169d93b05980c
      Size/MD5 checksum:   271888 f177cc208f286a322b2db376d6c3e192
      Size/MD5 checksum:   982256 9012824597e4bf2d90e838da4fda69bc

  Intel IA-32 architecture:
      Size/MD5 checksum:    16608 357a0624bcb110d7ce02f9a0b7bee292
      Size/MD5 checksum:   105884 7ed515d665879bfde98865dc9e0b5e8c
      Size/MD5 checksum:   190228 bb6937448e929f7a4cf2f7a7d186b0f3
      Size/MD5 checksum:    85610 ef863523590f6cbdbcb261031afedbb4
      Size/MD5 checksum:    56046 a4e44140e9864c592f90570e75020c23
      Size/MD5 checksum:    64598 d6360752c244fa6e454a1f46680888bc
      Size/MD5 checksum:    51370 13a2d22faf21717300407bdedb204309
      Size/MD5 checksum:   165408 4ced59cd5fb6f8b7cbe7347ec86f7839
      Size/MD5 checksum:   572496 c58056c3059d5f71687dfd5b9bfa6585

  Intel IA-64 architecture:
      Size/MD5 checksum:    16012 6f54caec9aa5da3883283c3aac18d5dc
      Size/MD5 checksum:   135824 4c8ddd124dbb8011c978375796b08630
      Size/MD5 checksum:   262958 8b9bfd9108a6a7ca212a77dc16b7d7c1
      Size/MD5 checksum:   112768 fed34d607080d8b97068eff67c35f42a
      Size/MD5 checksum:    68840 9a4b231eb4307dcf52a76123280d3230
      Size/MD5 checksum:    83782 2e4782611a25ed6d329ecb6f5cfbecaa
      Size/MD5 checksum:    63762 26745c938da7163790335e6fe07d7e1e
      Size/MD5 checksum:   229174 b1dfbb1c8691da8c0b53952343ed147e
      Size/MD5 checksum:   814878 82d3e7c0feca9e74ebcc57820d35b4d4

  HP Precision architecture:
      Size/MD5 checksum:    16016 7d53ffe4047bf55a3c3a979699b04d2e
      Size/MD5 checksum:   131040 dbf129fd9439d0cbddf1bbce2a194ca6
      Size/MD5 checksum:   247142 e79e4636aee39e85a2246a2d9f987df5
      Size/MD5 checksum:   114520 56e3cbcd8b2eca5bf30c1963570fbcf6
      Size/MD5 checksum:    72792 cd3e30c2a7ce276db0d52ba394f57ed7
      Size/MD5 checksum:    83954 6f59cc44bc5561769480f56919244b30
      Size/MD5 checksum:    66750 8fed2e2aa498d1be0e45878b5456a9fa
      Size/MD5 checksum:   219890 c5ea8b0c7ce3480478711ef1852cc566
      Size/MD5 checksum:   727006 d166c1b0b5e9b0989c5bb8419c377a53

  Motorola 680x0 architecture:
      Size/MD5 checksum:    16026 b08feaf530b3e51fb031b9a171075e4e
      Size/MD5 checksum:   108388 8e6d08a9371a64926d7c4beef5205945
      Size/MD5 checksum:   197570 69d053f36af9cd8f73dbc5470fa11d6f
      Size/MD5 checksum:    89250 02d1761d0141aded8587ddf3836879e2
      Size/MD5 checksum:    59904 fc5d48ee6757b37eb55d8a03e03b6c90
      Size/MD5 checksum:    67632 2aa2247dbccc281d60203d00089a4e4e
      Size/MD5 checksum:    55090 6135caa3beba19a3b6cc42cde66e1889
      Size/MD5 checksum:   167762 a01a400e8d778e7c3614d628ab912e3f
      Size/MD5 checksum:   589634 03814d127f5a1d25ce328cb5cd5f1f60

  Big endian MIPS architecture:
      Size/MD5 checksum:    16016 cd36ca9a0fa9f5a9aaa75897f3c7418c
      Size/MD5 checksum:   109798 57cb7be975fa3ea2c27ff815d7f0ba3e
      Size/MD5 checksum:   200772 89af7d035f7f9d871e95dd5e4b25bd56
      Size/MD5 checksum:    90842 f3ce3096928b9b6bdcec20d43ea32515
      Size/MD5 checksum:    59148 98bed909b4b5749ab1930a31f713aeb2
      Size/MD5 checksum:    67990 ea7e179119e0fea1d700e9f079693ca5
      Size/MD5 checksum:    54776 8d380a8440387394165eccee67c762c4
      Size/MD5 checksum:   182952 a252292345ae2f8a547d216d37cbe035
      Size/MD5 checksum:   591376 53c9316ba8c4f82f3a93a5b9d5a5f012

  Little endian MIPS architecture:
      Size/MD5 checksum:    16016 ce2a3df355d3d874115cbf67aca0cade
      Size/MD5 checksum:   109546 b3dd10a3d05006200770637f24a9103f
      Size/MD5 checksum:   200526 a24f85cca08523fb180de3ae9c5090eb
      Size/MD5 checksum:    90654 0bc9f1a71761d74f73cc93e054884215
      Size/MD5 checksum:    59120 9927d4a872906890a43791f2fe2579ee
      Size/MD5 checksum:    67968 c1d289a27a3c1229533408dff970bb23
      Size/MD5 checksum:    54760 2e63ef2b9484054bb24d194f55d286e6
      Size/MD5 checksum:   182464 a67792eee411ce6d55496303a776b3b4
      Size/MD5 checksum:   590744 ca79710d887fa76a78c19e248f4a2ee5

  PowerPC architecture:
      Size/MD5 checksum:    16012 e60ef7db0805bdaec95fe51c765157e1
      Size/MD5 checksum:   109692 21c091ec248ddd2e68be23e069afeb9e
      Size/MD5 checksum:   196256 f22de6b994c3b04218b99ec04d6f2e89
      Size/MD5 checksum:    91038 ab830c1ace1ed862494368627568ca7c
      Size/MD5 checksum:    60334 bb3342c972d9b945e6330e998c12a48d
      Size/MD5 checksum:    67878 56449e1a43d7dc0fbb6922505d1a77ff
      Size/MD5 checksum:    55134 5bba23ac17e17a39d60dd9dd0f98086c
      Size/MD5 checksum:   172386 8d62ffd1fad186ddba17d6ddbe4185a9
      Size/MD5 checksum:   592356 40c0d9e06176c89d8f321514e80c60bc

  IBM S/390 architecture:
      Size/MD5 checksum:    16016 3f336948d846b74a65e6caf93312f4d3
      Size/MD5 checksum:   104590 db7bdcbdee19d89335ed526ffb48ba05
      Size/MD5 checksum:   177148 6fbe6c2d37ab31a8d67b1f096b86820e
      Size/MD5 checksum:    82344 aef7e67405dee3c5d274903f6eae0aae
      Size/MD5 checksum:    54012 8ff5a6d7690300d795c3b3e65e1fb91d
      Size/MD5 checksum:    63390 512cced91f0a35de3b2abf993987e8f6
      Size/MD5 checksum:    49582 84980b91ee2c06ea4074bc14d6ea46d1
      Size/MD5 checksum:   152376 6910874c9685b5eb0edec47adfb36dd3
      Size/MD5 checksum:   518220 e588a8de7cd44851d96ecf2643b8cc37

  Sun Sparc architecture:
      Size/MD5 checksum:    16012 3b5eb251bd613cc3bb5bacd9712bf311
      Size/MD5 checksum:   107216 582fa89a2dce75cd3d83c5c0a2f3d6ab
      Size/MD5 checksum:   189996 16a3e141b002694be72130b7a94adbe9
      Size/MD5 checksum:    88710 5ac67170e1e2c55ed2b8c79ed222f7fc
      Size/MD5 checksum:    58438 224e96ca4e6a81321cc10c496d17cc55
      Size/MD5 checksum:    66122 fee851568972ae11df770fdd93d9d39b
      Size/MD5 checksum:    53316 8dd03fcedd9c49b7fe6ca4b135e67a70
      Size/MD5 checksum:   165450 cf2b7d9b8d7f3a2ac796544eadc6be98
      Size/MD5 checksum:   578782 cc27d78b7a21e27de95dcd1da5656ed0

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.1 (GNU/Linux)



- 漏洞信息

PowerDNS LDAP Backend Unspecified Query Filter Issue
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-07-16 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.9.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

PowerDNS LDAP Backend Query Escape Failure Vulnerability
Input Validation Error 14290
Yes No
2005-07-17 12:00:00 2009-07-12 04:06:00
Credited to Norbert Sendetzky and Jan de Groot.

- 受影响的程序版本

S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
PowerDNS PowerDNS 2.9.17
+ Gentoo Linux
PowerDNS PowerDNS 2.9.16
PowerDNS PowerDNS 2.9.15
+ Gentoo Linux
PowerDNS PowerDNS 2.8
PowerDNS PowerDNS 2.0 RC1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
PowerDNS PowerDNS 2.9.18

- 不受影响的程序版本

PowerDNS PowerDNS 2.9.18

- 漏洞讨论

The PowerDNS LDAP back-end did not adequately escape requests prior to version 2.9.18. As a result, it was possible for requests to fail without answering questions. This may have security implications in environments where PowerDNS and LDAP are used. The vendor has fixed this in version 2.9.18.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: &lt;;.

- 解决方案

The vendor has released a new version, PowerDNS 2.9.18. It is available at

Debian GNU/Linux has released advisory DSA 771-1 to address this issue. Please see the referenced advisory for further information.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced
advisory for further information.

SUSE has released a security summary report (SUSE-SR:2005:019) addressing this and other issues. Please see the referenced advisory for further information.

PowerDNS PowerDNS 2.9.17

- 相关参考