Public bug reported: http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1193.html shows "needed" for 12.04, 14.04 and 14.10. It appears the bug is fixed in 14.04 and 14.10 as it was fixed in PowerDNS Recursor version 3.5:
I'm not using 12.04 or PowerDNS Recursor, but I hope the following patches will help someone else fix the issue. https://bugzilla.redhat.com/show_bug.cgi?id=794963 comment 4 says: >From http://doc.powerdns.com/changelog.html#changelog-recursor-3.5: "While Recursor 3.3 was not vulnerable to the specific attack noted in 'Ghost Domain Names: Revoked Yet Still Resolvable', further investigation showed that a variant of the attack could work. This was fixed in r3085." http://wiki.powerdns.com/trac/changeset/3085 related: http://wiki.powerdns.com/trac/changeset/3084 http://wiki.powerdns.com/trac/changeset/3083 http://wiki.powerdns.com/trac/changeset/3082 There's also the following upstream bug: http://wiki.powerdns.com/trac/ticket/668 ** Affects: pdns-recursor (Ubuntu) Importance: Undecided Status: New ** Tags: cve-2012-1193 ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1391409 Title: "ghost domain names" attack CVE-2012-1193 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1391409/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs