oss-sec mailing list archives

Re: Follow up: PowerDNS Security Advisory 2015-01

From: cve-assign () mitre org
Date: Fri, 10 Jul 2015 16:34:49 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
Update 7th of July 2015: Toshifumi Sakaguchi discovered that the original fix was insufficient


For cases of an insufficient fix, an additional CVE ID is assigned.
Use CVE-2015-5470. The reason for this CVE is apparently the absence
of:

   if (ret.length() > 1024)
     throw MOADNSException("Total name too long");

in PowerDNS Recursor 3.6.3 and 3.7.2 and Auth 3.3.2 and 3.4.4.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVoCm+AAoJEKllVAevmvmsCd0IAIYvsrFye9E332uBKjKKzo+V
y2KfAeiN0qxnTL31MdYavs8ruWNkzQFgBSPKbhqYYPGKU661SMr+hDy2mVSicysY
MywUEOamB4/9/vA11QV0P+KNhtUmwUJwL7FslAGveSZm+3OF9qxQPtIzNQQdh6J7
YzEW1Xk5UxmjCJmWyzasFf39jAUax/RngvKtHYrUjGkNKZXWabCFqiZ5tO90ga+7
sRhN1HSNSbxB2KMIFCqTMxe78xGV/8J7ifTihQBZe7gx2GbcoBLCf0v+N4mFTl6U
Ziio5mchYZU5HLtdqwMxRg5/vDoxbGT7C1Nqg8rUZAgmFERzwrYzdax8HP/hzhk=
=ONFs
-----END PGP SIGNATURE-----

Current thread:

Follow up: PowerDNS Security Advisory 2015-01 Pieter Lexis (Jul 07)
- Re: Follow up: PowerDNS Security Advisory 2015-01 Alessandro Ghedini (Jul 07)
- Re: Follow up: PowerDNS Security Advisory 2015-01 cve-assign (Jul 10)