Bug#406465: [bind backend] TXT record parsing overflow with special characters
On Sat, Feb 10, 2007 at 11:13:11AM +0100, Jeroen van Wolffelaar wrote:
> An option, therefore, is to have a pdns uploaded without the bind
> backend, and a NEWS.Debian stating that sorry, no bind backend
> available, because it's not of release quality or something. Since
> other than our brief attempt at using pdns-with-bind-backend, I'm not
> having any experience with pdns, I don't feel comfortable making this
> change (and decision) myself, it's also pretty invasive so not
> typically something to do in a NMU.

Maintainers, what's the status? As it stands now, powerdns runs the risk of being removed from testing and that way not making it into etch.

If you'd give your opinion on whether or not removing the bind backend would be an acceptable solution, someone could make an upload of it.

--Jeroen

--
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#406465: [bind backend] TXT record parsing overflow with special characters
On Friday 16 February 2007 13:57, Jeroen van Wolffelaar wrote:
> On Sat, Feb 10, 2007 at 11:13:11AM +0100, Jeroen van Wolffelaar wrote:
> > An option, therefore, is to have a pdns uploaded without the bind
> > backend, and a NEWS.Debian stating that sorry, no bind backend
> > available, because it's not of release quality or something. Since
> > other than our brief attempt at using pdns-with-bind-backend, I'm not
> > having any experience with pdns, I don't feel comfortable making this
> > change (and decision) myself, it's also pretty invasive so not
> > typically something to do in a NMU.
>
> Maintainers, what's the status? As it stands now, powerdns runs the
> risk of being removed from testing and that way not making it into etch.

Apologies. I'll contact the upstream about this bug report now. Unfortunately Matthijs is currently very busy at work so he didn't handle it yet. And I had no internet connection for a while that kept me from working on it. So the package has actually been badly maintained for a while. I will try to improve that.

> If you'd give your opinion on whether or not removing the bind backend
> would be an acceptable solution, someone could make an upload of it.

Let us first see what the upstream thinks of it. If I don't get a timely answer we can still consider removing the bind backend.

Help is definitely welcome in maintaining the package. But I'll get on my backlog today anyway.

Christoph
Bug#406465: [bind backend] TXT record parsing overflow with special characters
Update: upstream says it's not a serious security issue in his opinion. He intends to release a fix this weekend anyway.

Christoph
Bug#406465: [bind backend] TXT record parsing overflow with special characters
On Sat, Feb 10, 2007 at 01:09:19AM +0100, Moritz Muehlenhoff wrote:
> Jeroen van Wolffelaar wrote:
> > Package: pdns-server
> > Version: 2.9.20-7
> > Severity: serious
> > Tags: security
> >
> > (serious because what I see looks like a buffer overflow, however, I
> > didn't look into the code yet, so I make no claims as to whether this
> > is exploitable)
>
> Despite having a team in the maintainer field and being RC this bug log
> shows no visible reaction since a month. If it's unmaintained we
> shouldn't include it in Etch.

One note, for all the bugs that I reported, it seemed limited to the bind backend, and one not-yet-reported bug about it is that it actually often 'forgets' zones too (not reported yet because I wanted to try to reproduce on etch instead of on sarge, I will report it this weekend). Reportedly, the other backends work just fine, and also, those are the backend configuration in which pdns sees wide deployment (the usecase for pdns with bind backend is pretty limited).

An option, therefore, is to have a pdns uploaded without the bind backend, and a NEWS.Debian stating that sorry, no bind backend available, because it's not of release quality or something. Since other than our brief attempt at using pdns-with-bind-backend, I'm not having any experience with pdns, I don't feel comfortable making this change (and decision) myself, it's also pretty invasive so not typically something to do in a NMU.

--Jeroen

--
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
Bug#406465: [bind backend] TXT record parsing overflow with special characters
Jeroen van Wolffelaar wrote:
> Package: pdns-server
> Version: 2.9.20-7
> Severity: serious
> Tags: security
>
> (serious because what I see looks like a buffer overflow, however, I
> didn't look into the code yet, so I make no claims as to whether this
> is exploitable)

Despite having a team in the maintainer field and being RC this bug log shows no visible reaction since a month. If it's unmaintained we shouldn't include it in Etch.

Cheers,
Moritz
Bug#406465: [bind backend] TXT record parsing overflow with special characters
Package: pdns-server
Version: 2.9.20-7
Severity: serious
Tags: security

(serious because what I see looks like a buffer overflow, however, I didn't look into the code yet, so I make no claims as to whether this is exploitable)

Having a TXT record in a bind-backend zone file that contains a parenthesis ( character, causes all kinds of weird things. Firstly, the zone fails to serve. Syslog says:

Jan 11 11:40:47 foo pdns[29515]: Zone 'a-eskwadraat.nl' (/etc/powerdns/zonefiles/db.nl.a-eskwadraat) reloaded

but all queries including zone transfers result in servfail:

Jan 11 11:40:47 foo pdns[29515]: Not authoritative for 'foo.a-eskwadraat.nl', sending servfail to 127.0.0.1 (recursion was desired)

After replacing foo TXT ( with foo TXT paren-open and reloading, I get the following:

| foo:/etc/powerdns# dig foo.a-eskwadraat.nl TXT @localhost
|
| ; DiG 9.3.3 foo.a-eskwadraat.nl TXT @localhost
| ; (1 server found)
| ;; global options: printcmd
| ;; Got answer:
| ;; -HEADER- opcode: QUERY, status: NOERROR, id: 8804
| ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
|
| ;; QUESTION SECTION:
| ;foo.a-eskwadraat.nl. IN TXT
|
| ;; ANSWER SECTION:
| foo.a-eskwadraat.nl.3600IN TXT paren-open
| foo.a-eskwadraat.nl.3600IN TXT foo a 1.2.3.4\010@ ns
| ns1.xel.nl. ns ns3.xel.nl.\010$ttl 1d@ in soa ns.a-eskwadraat.nl.
| sysop.a-eskwadraat.nl. ( 2006110910 6h 30m 4w 1d

This is interesting, because the data listed here comes from the *old* zonefile (afaics). Also, of course the TXT record shouldn't suddenly contain literal zonefile data like this.

Powerdns should really treat such TXT record strings as opaque strings, and not treat characters in them specially.
--Jeroen

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

--
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
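
The parsing behaviour the report asks for, as an added example that is not PowerDNS code and not part of the original thread: a zone-file record joiner that groups lines on parentheses (RFC 1035 section 5.1) and is run once counting parentheses inside quoted strings and once treating quoted strings as opaque. The function name join_records, the sample zone, and the assumption that the TXT value was a quoted "(" are constructed for illustration; the thread does not establish what PowerDNS's parser actually did.

```python
# Added example: zone-file record joining, with and without opaque quotes.
# SAMPLE_ZONE is constructed; names and addresses are placeholders.
SAMPLE_ZONE = '''$ttl 1d
@ in soa ns.example. sysop.example. (
        2006110910 6h 30m 4w 1d )
@ ns ns1.example.
foo TXT "("
foo a 192.0.2.4
'''


def join_records(text, honor_quotes=True):
    """Return (records, dangling) for master-file text.

    Parentheses outside quotes join several lines into one record.
    honor_quotes=False also counts parentheses inside quoted strings,
    which is the defect being illustrated.  dangling is the text of a
    record left open at end of input, or None.
    """
    records, buf = [], []
    depth, in_quote, in_comment, escaped = 0, False, False, False
    for ch in text:
        if in_comment:
            if ch != "\n":
                continue            # skip comment text up to end of line
            in_comment = False
        if escaped:                 # character after a backslash is literal
            buf.append(ch)
            escaped = False
            continue
        if ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            in_comment = True
            continue
        elif ch in "()" and not (in_quote and honor_quotes):
            depth = depth + 1 if ch == "(" else max(depth - 1, 0)
        elif ch == "\n":
            if depth == 0:          # record boundary
                line = "".join(buf).strip()
                if line:
                    records.append(line)
                buf, in_quote = [], False
                continue
            ch = " "                # inside ( ... ): newline is whitespace
        buf.append(ch)
    return records, ("".join(buf).strip() or None)


if __name__ == "__main__":
    for mode in (False, True):
        print("honor_quotes =", mode, join_records(SAMPLE_ZONE, mode))
```

With honor_quotes=False the quoted "(" opens a group that never closes, so every following line of the zone is folded into the TXT record; a non-None dangling value from the quote-aware pass is a useful pre-load check for a genuinely unbalanced zone file.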