Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Security: Remote Stack Overflow (CVE-2006-4252)

Related Vulnerabilities: CVE-2006-4252  

Source

Debian Bug report logs - #398559
Security: Remote Stack Overflow (CVE-2006-4252)

version graph

Package: pdns-recursor; Maintainer for pdns-recursor is pdns-recursor packagers <pdns-recursor@packages.debian.org>; Source for pdns-recursor is src:pdns-recursor (PTS, buildd, popcon).

Reported by: "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>

Date: Tue, 14 Nov 2006 11:19:54 UTC

Severity: important

Tags: fixed-upstream, security

Found in version all

Fixed in version 3.1.4-1

Done: Luk Claes <luk@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian PowerDNS Maintainers <powerdns-debian@workaround.org>:
Bug#398559; Package pdns-recursor. (full text, mbox, link).

Acknowledgement sent to "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>:
New Bug report received and forwarded. Copy sent to Debian PowerDNS Maintainers <powerdns-debian@workaround.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>
To: submit@bugs.debian.org
Subject: Security: Remote Stack Overflow (CVE-2006-4252)
Date: Tue, 14 Nov 2006 12:17:42 +0100
Package: pdns-recursor
Version: all
Severity: important
Tags: security, fixed-upstream


CVE-2006-4252:

"
PowerDNS Security Advisory 2006-02: Zero second CNAME TTLs can make PowerDNS 
exhaust allocated stack space, and crash
[..]
PowerDNS would recurse endlessly on encountering a CNAME loop consisting 
entirely of zero second CNAME records, eventually exceeding resources and 
crashing. 
[..]
Exploit    This problem can be triggered by sending queries for specifically 
configured domains
[..]
Impact    Denial of service
"

See http://doc.powerdns.com/powerdns-advisory-2006-02.html

Fixed upstream: 
http://wiki.powerdns.com/projects/trac/changeset/919

Bug marked as not found in version 3.1.4-1. Request was from Matthijs Mohlmann <matthijs@cacholong.nl> to control@bugs.debian.org. (full text, mbox, link).

Bug marked as fixed in version 3.1.4-1, send any further explanations to "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de> Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 02:11:44 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:16:32 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started