Bugzilla – Bug 1197525
VUL-0: CVE-2022-27227: pdns,pdns-recursor: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor
Last modified: 2022-04-07 07:21:07 UTC
In the Authoritative server this issue only applies to secondary zones for which IXFR transfers have been enabled and the network path to the primary server is not trusted. Note that IXFR transfers are not enabled by default. In the Recursor it applies to setups retrieving one or more RPZ zones from a remote server if the network path to the server is not trusted. IXFR usually exchanges only the modifications between two versions of a zone, but sometimes needs to fall back to a full transfer of the current version. When IXFR falls back to a full zone transfer, an attacker in position of man-in-the-middle can cause the transfer to be prematurely interrupted. This interrupted transfer is mistakenly interpreted as a complete transfer, causing an incomplete zone to be processed. For the Authoritative Server, IXFR transfers are not enabled by default. The Recursor only uses IXFR for retrieving RPZ zones. An incomplete RPZ transfer results in missing policy entries, potentially causing some DNS names and IP addresses to not be properly intercepted. We would like to thank Nicolas Dehaine and Dmitry Shabanov from ThreatSTOP for reporting and initial analysis of this issue. References: - https://blog.powerdns.com/2022/03/25/security-advisory-2022-01-for-powerdns-authoritative-server-4-4-2-4-5-3-4-6-0-and-powerdns-recursor-4-4-7-4-5-7-4-6-0/
Affected packages: - openSUSE:Backports:SLE-15-SP4/pdns-recursor - openSUSE:Backports:SLE-15-SP3/pdns-recursor - openSUSE:Factory/pdns-recursor - openSUSE:Backports:SLE-15-SP4/pdns - openSUSE:Backports:SLE-15-SP3/pdns - openSUSE:Factory/pdns SLE packages are not affected.
Created attachment 857370 [details] upstream patch 4.6.0
Created attachment 857371 [details] upstream patch pdns 4.5.3
Created attachment 857373 [details] upstream patch pdns 4.4.2
Created attachment 857374 [details] upstream patch pdns-recursor 4.6.0
Created attachment 857376 [details] upstream patch pdns-recursor 4.5.7
Created attachment 857378 [details] upstream patch pdns-recursor 4.4.7
This is an autogenerated message for OBS integration: This bug (1197525) was mentioned in https://build.opensuse.org/request/show/964869 Factory / pdns https://build.opensuse.org/request/show/964870 Factory / pdns-recursor https://build.opensuse.org/request/show/964873 Backports:SLE-15-SP4 / pdns-recursor https://build.opensuse.org/request/show/964874 Backports:SLE-15-SP4 / pdns
This is an autogenerated message for OBS integration: This bug (1197525) was mentioned in https://build.opensuse.org/request/show/965583 Backports:SLE-12-SP4 / pdns https://build.opensuse.org/request/show/965588 Backports:SLE-12-SP4 / pdns-recursor
fixes submitted, reassigning to security team
(In reply to OBSbugzilla Bot from comment #9) > This is an autogenerated message for OBS integration: > This bug (1197525) was mentioned in > https://build.opensuse.org/request/show/965583 Backports:SLE-12-SP4 / pdns > https://build.opensuse.org/request/show/965588 Backports:SLE-12-SP4 / > pdns-recursor I see that you submitted to Backports:SLE-12-SP4 instead of openSUSE:Backports:SLE-15-SP3. Could you submit the the latter?
This is an autogenerated message for OBS integration: This bug (1197525) was mentioned in https://build.opensuse.org/request/show/966217 Backports:SLE-15-SP3 / pdns https://build.opensuse.org/request/show/966227 Backports:SLE-15-SP3 / pdns-recursor
fix submitted now also to SP3 Backports. Thanks for reminder.
thanks, done.
openSUSE-SU-2022:0104-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1181201,1181202,1197525 CVE References: CVE-2020-14409,CVE-2020-14410,CVE-2022-27227 JIRA References: Sources used: openSUSE Leap 15.3 (src): SDL2-2.0.8-11.3.1 openSUSE Backports SLE-15-SP3 (src): pdns-4.3.1-bp153.2.3.1
openSUSE-SU-2022:0105-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 1197525 CVE References: CVE-2022-27227 JIRA References: Sources used: openSUSE Backports SLE-15-SP3 (src): pdns-recursor-4.3.5-bp153.2.3.1