Ray Morris discovered that the PowerDNS authoritative server responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service. For the oldstable distribution (lenny), this problem has been fixed in version 2.9.21.2-1+lenny1. For the stable distribution (squeeze), this problem has been fixed in version 2.9.22-8+squeeze1. For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your pdns packages.
Ray Morris discovered that the PowerDNS authoritative server responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.
For the oldstable distribution (lenny), this problem has been fixed in version 2.9.21.2-1+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 2.9.22-8+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your pdns packages.
Vulmon