Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Security: Remote Buffer Overflow (CVE-2006-4251)

Related Vulnerabilities: CVE-2006-4251   cve-2006-4251  

Source

Debian Bug report logs - #398557
Security: Remote Buffer Overflow (CVE-2006-4251)

version graph

Package: pdns-recursor; Maintainer for pdns-recursor is pdns-recursor packagers <pdns-recursor@packages.debian.org>; Source for pdns-recursor is src:pdns-recursor (PTS, buildd, popcon).

Reported by: "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>

Date: Tue, 14 Nov 2006 11:18:40 UTC

Severity: critical

Tags: fixed-upstream, security

Found in version all

Fixed in version 3.1.4-1

Done: Luk Claes <luk@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Debian PowerDNS Maintainers <powerdns-debian@workaround.org>:
Bug#398557; Package pdns-recursor. (full text, mbox, link).

Acknowledgement sent to "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>:
New Bug report received and forwarded. Copy sent to Debian PowerDNS Maintainers <powerdns-debian@workaround.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de>
To: submit@bugs.debian.org
Subject: Security: Remote Buffer Overflow (CVE-2006-4251)
Date: Tue, 14 Nov 2006 12:14:49 +0100
Package: pdns-recursor
Version: all
Severity: critical
Tags: security, fixed-upstream


CVE-2006-4251:

"
PowerDNS Security Advisory 2006-01: Malformed TCP queries can lead to a buffer 
overflow which might be exploitable
[..]
PowerDNS Recursor 3.1.3 and previous miscalculate the length of incoming TCP 
DNS queries, and will attempt to read up to 4 gigabytes of query into a 65535 
byte buffer. 
We have not verified if this problem might actually lead to a system 
compromise, but are acting on the assumption that it might.
[..]
Impact    Potential remote system compromise.
"

See http://doc.powerdns.com/powerdns-advisory-2006-01.html

Fixed upstream: 
http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/915
http://ds9a.nl/tmp/cve-2006-4251.patch

Bug marked as not found in version 3.1.4-1. Request was from Matthijs Mohlmann <matthijs@cacholong.nl> to control@bugs.debian.org. (full text, mbox, link).

Bug marked as fixed in version 3.1.4-1, send any further explanations to "debian-bts@spamblock.netzgehirn.de" <debian-bts@spamblock.netzgehirn.de> Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 00:35:56 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:19:54 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started