Bug 1129734 - (CVE-2019-3871) VUL-0: CVE-2019-3871: pdns: Insufficient validation in the HTTP remote backend
(CVE-2019-3871)
VUL-0: CVE-2019-3871: pdns: Insufficient validation in the HTTP remote backend
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/226359/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-19 10:13 UTC by Karol Babioch
Modified: 2022-03-29 09:40 UTC (History)
8 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2019-03-19 10:13:36 UTC
An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode (without post=1 set), allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS query. This can be used to cause a denial of service by preventing the remote backend from getting a response, content spoofing if the attacker can time its own query so that subsequent queries will use an attacker-controlled HTTP server instead of the configured one, and possibly information disclosure if the Authoritative Server has access to internal servers.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3871
http://seclists.org/oss-sec/2019/q1/185
https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
https://downloads.powerdns.com/patches/2019-03/
Comment 1 Adam Majer 2019-03-19 10:43:40 UTC
devel project is already fixes (server:dns/pdns). All other openSUSE codestreams will be submitted soon.
Comment 2 Swamp Workflow Management 2019-03-19 12:40:08 UTC
This is an autogenerated message for OBS integration:
This bug (1129734) was mentioned in
https://build.opensuse.org/request/show/686401 15.0+42.3+Backports:SLE-12-SP1+Backports:SLE-15 / pdns
Comment 5 Swamp Workflow Management 2019-04-03 10:10:16 UTC
openSUSE-SU-2019:1128-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1129734
CVE References: CVE-2019-3871
Sources used:
openSUSE Leap 42.3 (src):    pdns-4.0.3-18.1
openSUSE Leap 15.0 (src):    pdns-4.1.2-lp150.3.10.1
openSUSE Backports SLE-15 (src):    pdns-4.1.2-bp150.2.6.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2019-04-03 10:16:47 UTC
openSUSE-SU-2019:1128-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1129734
CVE References: CVE-2019-3871
Sources used:
openSUSE Leap 42.3 (src):    pdns-4.0.3-18.1
openSUSE Leap 15.0 (src):    pdns-4.1.2-lp150.3.10.1
openSUSE Backports SLE-15 (src):    pdns-4.1.2-bp150.2.6.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    pdns-4.1.7-17.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 9 Antonio Ojea 2019-04-23 10:16:37 UTC
https://build.suse.de/request/show/191143
Comment 14 Swamp Workflow Management 2019-11-06 14:16:11 UTC
SUSE-SU-2019:2906-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1129734,1148383
CVE References: CVE-2019-15043,CVE-2019-3871
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    crowbar-core-6.0+git.1571412352.8da4d261f-3.13.3, crowbar-openstack-6.0+git.1572264221.3826a58b8-3.13.3, grafana-6.2.5-3.9.3, openstack-cinder-13.0.8~dev8-3.13.5, openstack-dashboard-14.0.5~dev1-3.9.4, openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3, openstack-keystone-14.1.1~dev26-3.13.4, openstack-manila-7.3.1~dev15-4.13.4, openstack-neutron-13.0.6~dev3-3.13.4, openstack-neutron-fwaas-13.0.3~dev2-3.6.3, openstack-neutron-lbaas-13.0.1~dev15-3.10.3, openstack-nova-18.2.4~dev18-3.13.5, openstack-octavia-3.2.1~dev1-3.13.3, openstack-octavia-amphora-image-0.1.1-7.3.4, python-Django1-1.11.24-3.12.3, python-keystonemiddleware-5.2.1-11.4, python-octaviaclient-1.6.1-3.3.3, python-os-brick-2.5.8-3.6.3, python-oslo.cache-1.30.4-3.3.3, python-oslo.messaging-8.1.4-3.3.3
SUSE OpenStack Cloud 9 (src):    ardana-ansible-9.0+git.1568821007.4e73730-3.13.3, ardana-horizon-9.0+git.1569869028.8edfc22-3.10.3, ardana-keystone-9.0+git.1570035317.78077ac-3.10.3, ardana-manila-9.0+git.1569444107.add6a40-3.9.3, ardana-neutron-9.0+git.1571328680.3a89cb8-3.13.3, grafana-6.2.5-3.9.3, openstack-cinder-13.0.8~dev8-3.13.5, openstack-dashboard-14.0.5~dev1-3.9.4, openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3, openstack-keystone-14.1.1~dev26-3.13.4, openstack-manila-7.3.1~dev15-4.13.4, openstack-neutron-13.0.6~dev3-3.13.4, openstack-neutron-fwaas-13.0.3~dev2-3.6.3, openstack-neutron-lbaas-13.0.1~dev15-3.10.3, openstack-nova-18.2.4~dev18-3.13.5, openstack-octavia-3.2.1~dev1-3.13.3, openstack-octavia-amphora-image-0.1.1-7.3.4, pdns-4.1.8-3.3.3, python-Django1-1.11.24-3.12.3, python-keystonemiddleware-5.2.1-11.4, python-octaviaclient-1.6.1-3.3.3, python-os-brick-2.5.8-3.6.3, python-oslo.cache-1.30.4-3.3.3, python-oslo.messaging-8.1.4-3.3.3, venv-openstack-barbican-7.0.1~dev18-3.11.3, venv-openstack-cinder-13.0.8~dev8-3.11.3, venv-openstack-designate-7.0.1~dev22-3.11.3, venv-openstack-glance-17.0.1~dev30-3.11.3, venv-openstack-heat-11.0.3~dev23-3.11.3, venv-openstack-horizon-14.0.5~dev1-4.11.3, venv-openstack-keystone-14.1.1~dev26-3.11.3, venv-openstack-magnum-7.1.1~dev28-4.11.3, venv-openstack-manila-7.3.1~dev15-3.11.3, venv-openstack-monasca-2.7.1~dev10-3.11.3, venv-openstack-monasca-ceilometer-1.8.2~dev3-3.11.3, venv-openstack-neutron-13.0.6~dev3-6.11.3, venv-openstack-nova-18.2.4~dev18-3.11.3, venv-openstack-octavia-3.2.1~dev1-4.11.3, venv-openstack-sahara-9.0.2~dev12-3.11.3, venv-openstack-swift-2.19.2~dev1-2.8.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Keith Berger 2020-03-23 18:20:00 UTC
This also looks resovled. can someone please confirm?
Comment 16 Marcus Meissner 2020-03-24 14:00:47 UTC
it never built in cloud 8, so was never shipped there.

so cloud 9 is done, cloud 8 seems not done.
Comment 17 Nanuk Krinner 2020-03-25 09:37:20 UTC
Tracked at https://jira.suse.com/browse/SOC-11186
Comment 18 Keith Berger 2020-03-25 13:14:02 UTC
pdns fix submittied for D:C:8:S. I will wait for it to pass and assgin back to the security team

Visit https://build.suse.de/request/show/214580

State of request 214580 was changed by flaviosr:

  new -> accepted

Actions:
- submit home:kberger65:branches:Devel:Cloud:8/pdns => Devel:Cloud:8:Staging/pdns
Comment 19 Keith Berger 2020-03-30 15:56:48 UTC
https://build.suse.de/package/show/Devel:Cloud:8/pdns

sending back to Security to close when appropriate
Comment 21 Swamp Workflow Management 2020-04-22 16:15:08 UTC
SUSE-SU-2020:1066-1: An update that solves 9 vulnerabilities and has 14 fixes is now available.

Category: security (moderate)
Bug References: 1040519,1048688,1077718,1111180,1114157,1114169,1115904,1125357,1129734,1132852,1133817,1135773,1145498,1146206,1148426,1149110,1149535,1151206,1165402,1165643,1166290,1167240,144694
CVE References: CVE-2017-5637,CVE-2018-10851,CVE-2018-14626,CVE-2019-0201,CVE-2019-11596,CVE-2019-15026,CVE-2019-3871,CVE-2020-5247,CVE-2020-9543
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    crowbar-core-5.0+git.1585575551.16781d00d-3.38.1, crowbar-ha-5.0+git.1585316176.344190f-3.32.1, crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1, documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1, documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1, documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1, documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1, memcached-1.5.17-3.3.1, openstack-manila-5.1.1~dev5-3.26.2, openstack-manila-doc-5.1.1~dev5-3.26.1, openstack-neutron-11.0.9~dev63-3.30.2, openstack-neutron-doc-11.0.9~dev63-3.30.1, openstack-nova-16.1.9~dev61-3.35.2, openstack-nova-doc-16.1.9~dev61-3.35.1, python-amqp-2.4.2-3.9.1, rubygem-puma-2.16.0-3.6.1, zookeeper-3.4.10-3.6.1
SUSE OpenStack Cloud 8 (src):    ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1, ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1, ardana-db-8.0+git.1583944923.03cca6c-3.31.1, ardana-monasca-8.0+git.1583944894.38f023a-3.24.1, ardana-mq-8.0+git.1583944811.dc14403-3.19.1, ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1, ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1, ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1, documentation-suse-openstack-cloud-installation-8.20200319-1.23.1, documentation-suse-openstack-cloud-operations-8.20200319-1.23.1, documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1, documentation-suse-openstack-cloud-planning-8.20200319-1.23.1, documentation-suse-openstack-cloud-security-8.20200319-1.23.1, documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1, documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1, documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1, documentation-suse-openstack-cloud-user-8.20200319-1.23.1, memcached-1.5.17-3.3.1, openstack-manila-5.1.1~dev5-3.26.2, openstack-manila-doc-5.1.1~dev5-3.26.1, openstack-neutron-11.0.9~dev63-3.30.2, openstack-neutron-doc-11.0.9~dev63-3.30.1, openstack-nova-16.1.9~dev61-3.35.2, openstack-nova-doc-16.1.9~dev61-3.35.1, pdns-4.1.2-3.6.1, python-amqp-2.4.2-3.9.1, venv-openstack-aodh-5.1.1~dev7-12.24.1, venv-openstack-barbican-5.0.2~dev3-12.25.1, venv-openstack-ceilometer-9.0.8~dev7-12.22.1, venv-openstack-cinder-11.2.3~dev23-14.25.1, venv-openstack-designate-5.0.3~dev7-12.23.1, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.20.1, venv-openstack-glance-15.0.3~dev3-12.23.1, venv-openstack-heat-9.0.8~dev22-12.25.1, venv-openstack-ironic-9.1.8~dev8-12.25.1, venv-openstack-keystone-12.0.4~dev5-11.26.1, venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.24.1, venv-openstack-manila-5.1.1~dev5-12.29.1, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.20.1, venv-openstack-murano-4.0.2~dev2-12.20.1, venv-openstack-neutron-11.0.9~dev63-13.28.1, venv-openstack-nova-16.1.9~dev61-11.26.1, venv-openstack-octavia-1.0.6~dev3-12.25.1, venv-openstack-sahara-7.0.5~dev4-11.24.1, venv-openstack-trove-8.0.2~dev2-11.24.1, zookeeper-3.4.10-3.6.1
HPE Helion Openstack 8 (src):    ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1, ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1, ardana-db-8.0+git.1583944923.03cca6c-3.31.1, ardana-monasca-8.0+git.1583944894.38f023a-3.24.1, ardana-mq-8.0+git.1583944811.dc14403-3.19.1, ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1, ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1, ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1, documentation-hpe-helion-openstack-installation-8.20200319-1.23.1, documentation-hpe-helion-openstack-operations-8.20200319-1.23.1, documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1, documentation-hpe-helion-openstack-planning-8.20200319-1.23.1, documentation-hpe-helion-openstack-security-8.20200319-1.23.1, documentation-hpe-helion-openstack-user-8.20200319-1.23.1, memcached-1.5.17-3.3.1, openstack-manila-5.1.1~dev5-3.26.2, openstack-manila-doc-5.1.1~dev5-3.26.1, openstack-neutron-11.0.9~dev63-3.30.2, openstack-neutron-doc-11.0.9~dev63-3.30.1, openstack-nova-16.1.9~dev61-3.35.2, openstack-nova-doc-16.1.9~dev61-3.35.1, pdns-4.1.2-3.6.1, python-amqp-2.4.2-3.9.1, venv-openstack-aodh-5.1.1~dev7-12.24.1, venv-openstack-barbican-5.0.2~dev3-12.25.1, venv-openstack-ceilometer-9.0.8~dev7-12.22.1, venv-openstack-cinder-11.2.3~dev23-14.25.1, venv-openstack-designate-5.0.3~dev7-12.23.1, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.20.1, venv-openstack-glance-15.0.3~dev3-12.23.1, venv-openstack-heat-9.0.8~dev22-12.25.1, venv-openstack-ironic-9.1.8~dev8-12.25.1, venv-openstack-keystone-12.0.4~dev5-11.26.1, venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.24.1, venv-openstack-manila-5.1.1~dev5-12.29.1, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.20.1, venv-openstack-murano-4.0.2~dev2-12.20.1, venv-openstack-neutron-11.0.9~dev63-13.28.1, venv-openstack-nova-16.1.9~dev61-11.26.1, venv-openstack-octavia-1.0.6~dev3-12.25.1, venv-openstack-sahara-7.0.5~dev4-11.24.1, venv-openstack-trove-8.0.2~dev2-11.24.1, zookeeper-3.4.10-3.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Alexandros Toptsoglou 2020-05-12 11:58:13 UTC
Done
Comment 23 OBSbugzilla Bot 2022-03-29 09:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1129734) was mentioned in
https://build.opensuse.org/request/show/965583 Backports:SLE-12-SP4 / pdns