Debian DSA-771-1 : pdns - several vulnerabilities

medium Nessus Plugin ID 19336

Synopsis

The remote Debian host is missing a security-related update.

Description

Several problems that can lead to a denial of service have been discovered in pdns, a versatile nameserver. The Common Vulnerabilities and Exposures project identifies the following problems:

- CAN-2005-2301 Norbert Sendetzky and Jan de Groot discovered that the LDAP backend did not properly escape all queries, allowing it to fail and not answer queries anymore.

- CAN-2005-2302 Wilco Baan discovered that queries from clients without recursion permission can temporarily blank out domains to clients with recursion permitted. This enables outside users to blank out a domain temporarily to normal users.

Solution

Upgrade the pdns package.

The old stable distribution (woody) does not contain pdns packages.

For the stable distribution (sarge) these problems have been fixed in version 2.9.17-13sarge1.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318798

http://www.debian.org/security/2005/dsa-771

Plugin Details

Severity: Medium

ID: 19336

File Name: debian_DSA-771.nasl

Version: 1.20

Type: local

Agent: unix

Published: 8/1/2005

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:pdns, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 8/1/2005

Vulnerability Publication Date: 7/16/2005

Reference Information

CVE: CVE-2005-2301, CVE-2005-2302

DSA: 771