Bug ID | 1092540 |
---|---|
Summary | VUL-0: CVE-2018-1046: PowerDNS Security Advisory 2018-02 |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.3 |
Hardware | Other |
URL | https://smash.suse.de/issue/205418/ |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | kbabioch@suse.com |
QA Contact | security-team@suse.de |
Found By | Security Response Team |
Blocker | --- |
CVE-2018-1046 CVE: CVE-2018-1046 Date: May 8th 2018 Credit: Wei Hao Affects: dnsreplay from 4.0.0 up to and including 4.1.1 Not affected: dnsreplay 3.4.11, 4.1.2 Severity: High Impact: Arbitrary code execution Exploit: This problem can be triggered via a crafted PCAP file Risk of system compromise: Yes Solution: Upgrade to a non-affected version An issue has been found in the dnsreplay tool provided with PowerDNS Authoritative, where replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the ���ecs-stamp option of dnsreplay is used. Regardless of this issue, the use of dnsreplay with untrusted PCAP files is not advised. This issue has been assigned CVE-2018-1046 by Red Hat. PowerDNS Authoritative from 4.0.0 up to and including 4.1.1 is affected. We would like to thank Wei Hao for finding and subsequently reporting this issue. References: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1046 http://seclists.org/oss-sec/2018/q2/97 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html https://github.com/PowerDNS/pdns/commit/f9c57c98da1b1007a51680629b667d57d9b702b8