Boletines de Vulnerabilidades

int(1735)

Boletines de Vulnerabilidades

Múltiples vulnerabilidades en PowerDNS
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Denegación de Servicio
Dificultad	Experto
Requerimientos del atacante	Acceso remoto sin cuenta a un servicio exotico
Información sobre el sistema
Propiedad	Valor
Fabricante afectado	GNU/Linux
Software afectado	PowerDNS <2.9.18
Descripción
Se han descubierto múltiples vulnerabilidades en las versiones anteriores a la 2.9.18 del servidor de nombres PowerDNS. Las vulnerabilidades son descritas a continuación: - CAN-2005-2301: Vulnerabilidad en el manejo de peticiones LDAP podría permitir a un atacante remoto provocar una situación de denegación de servicio o incluso inyectar entradas LDAP. - CAN-2005-2302: Vulnerabilidad en el manejo de peticiones desde clientes sin recursividad permitida podría perjudicar a los clientes con recursividad permitida.
Solución
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software PowerDNS PowerDNS 2.9.18 http://www.powerdns.com/downloads/index.php Debian Linux Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1.dsc http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1.diff.gz http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17.orig.tar.gz Architecture-independent http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.17-13sarge1_all.deb Alpha http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_alpha.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_alpha.deb ARM http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_arm.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_arm.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_arm.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_arm.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_arm.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_arm.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_arm.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_arm.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_i386.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_i386.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_i386.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_i386.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_i386.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_i386.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_i386.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_i386.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_ia64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_ia64.deb HPPA http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_hppa.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_m68k.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_mips.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_mips.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_mips.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_mips.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_mips.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_mips.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_mips.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_mips.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_mipsel.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_powerpc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_s390.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_s390.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_s390.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_s390.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_s390.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_s390.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_s390.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_s390.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_sparc.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_sparc.deb SUSE Linux Actualizar mediante YaST Online Update Debian Debian Linux 3.1 AMD64 http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_amd64.deb http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_amd64.deb
Identificadores estándar
Propiedad	Valor
CVE	CAN-2005-2301 CAN-2005-2302
BID
Recursos adicionales
Debian Security Advisory DSA 771-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00158.html SUSE Security Summary Report SUSE-SR:2005:019 http://www.novell.com/linux/security/advisories/2005_19_sr.html Debian Security Advisory DSA 773-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00160.html

Histórico de versiones
Versión	Comentario	Fecha
1.0	Aviso emitido	2005-08-01
1.1	Aviso emitido por SUSE (SUSE-SR:2005:019)	2005-08-22
1.2	Aviso emitido por Debian (DSA 773-1)	2005-08-25

Boletines de Vulnerabilidades

Múltiples vulnerabilidades en PowerDNS

Clasificación de la vulnerabilidad

Información sobre el sistema

Descripción

Solución

Identificadores estándar

Recursos adicionales

Histórico de versiones