Package: pdnsd Version: 1.2.6-par-10 Followup-For: Bug #499433 Severity: grave
14:48:00.688906 IP aaa.aaa.aaa.aaa.38399 > bbb.bbb.bbb.bbb.53: 43459+ A? sdjfhsdjkfhj1.com. (35) 14:48:00.698405 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38399: 43459 NXDomain* 0/1/0 (108) 14:48:00.699067 IP aaa.aaa.aaa.aaa.38400 > bbb.bbb.bbb.bbb.53: 19837+ A? sdjfhsdjkfhj1.com.the.local.domain. (52) 14:48:00.699461 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38400: 19837 NXDomain* 0/1/0 (102) 14:48:04.178967 IP aaa.aaa.aaa.aaa.38401 > bbb.bbb.bbb.bbb.53: 6424+ A? sdjfhsdjkfhj2.com. (35) 14:48:04.186806 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38401: 6424 NXDomain* 0/1/0 (108) 14:48:04.187562 IP aaa.aaa.aaa.aaa.38402 > bbb.bbb.bbb.bbb.53: 63360+ A? sdjfhsdjkfhj2.com.the.local.domain. (52) 14:48:04.187975 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38402: 63360 NXDomain* 0/1/0 (102) 14:48:05.482649 IP aaa.aaa.aaa.aaa.38403 > bbb.bbb.bbb.bbb.53: 20028+ A? sdjfhsdjkfhj3.com. (35) 14:48:05.755718 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38403: 20028 NXDomain* 0/1/0 (108) 14:48:05.756263 IP aaa.aaa.aaa.aaa.38404 > bbb.bbb.bbb.bbb.53: 59106+ A? sdjfhsdjkfhj3.com.the.local.domain. (52) 14:48:05.756770 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38404: 59106 NXDomain* 0/1/0 (102) 14:48:09.445224 IP aaa.aaa.aaa.aaa.38405 > bbb.bbb.bbb.bbb.53: 63943+ A? sdjfhsdjkfhj4.com. (35) 14:48:09.604176 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38405: 63943 NXDomain* 0/1/0 (108) 14:48:09.604678 IP aaa.aaa.aaa.aaa.38406 > bbb.bbb.bbb.bbb.53: 56120+ A? sdjfhsdjkfhj4.com.the.local.domain. (52) 14:48:09.605096 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38406: 56120 NXDomain* 0/1/0 (102) 14:48:10.850705 IP aaa.aaa.aaa.aaa.38407 > bbb.bbb.bbb.bbb.53: 26718+ A? sdjfhsdjkfhj5.com. (35) 14:48:10.861259 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38407: 26718 NXDomain* 0/1/0 (108) 14:48:10.861707 IP aaa.aaa.aaa.aaa.38408 > bbb.bbb.bbb.bbb.53: 56367+ A? sdjfhsdjkfhj5.com.the.local.domain. (52) 14:48:10.862295 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38408: 56367 NXDomain* 0/1/0 (102) 14:48:12.256789 IP aaa.aaa.aaa.aaa.38411 > bbb.bbb.bbb.bbb.53: 44406+ A? sdjfhsdjkfhj6.com. (35) 14:48:12.289141 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38411: 44406 NXDomain* 0/1/0 (108) 14:48:12.289567 IP aaa.aaa.aaa.aaa.38412 > bbb.bbb.bbb.bbb.53: 34974+ A? sdjfhsdjkfhj6.com.the.local.domain. (52) 14:48:12.290042 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38412: 34974 NXDomain* 0/1/0 (102) 14:48:13.617108 IP aaa.aaa.aaa.aaa.38413 > bbb.bbb.bbb.bbb.53: 7010+ A? sdjfhsdjkfhj7.com. (35) 14:48:13.630783 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38413: 7010 NXDomain* 0/1/0 (108) 14:48:13.631756 IP aaa.aaa.aaa.aaa.38414 > bbb.bbb.bbb.bbb.53: 35773+ A? sdjfhsdjkfhj7.com.the.local.domain. (52) 14:48:13.632283 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38414: 35773 NXDomain* 0/1/0 (102) 14:48:14.994027 IP aaa.aaa.aaa.aaa.38415 > bbb.bbb.bbb.bbb.53: 34368+ A? sdjfhsdjkfhj8.com. (35) 14:48:15.002921 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38415: 34368 NXDomain* 0/1/0 (108) 14:48:15.003520 IP aaa.aaa.aaa.aaa.38416 > bbb.bbb.bbb.bbb.53: 49461+ A? sdjfhsdjkfhj8.com.the.local.domain. (52) 14:48:15.004545 IP bbb.bbb.bbb.bbb.53 > aaa.aaa.aaa.aaa.38416: 49461 NXDomain* 0/1/0 (102) There have been tons of DSAs concerning CVE-2008-1447. This bug *still* applies to pdnsd as can be seen above. It is fixed in 1.2.7-par according to http://secunia.com/advisories/31847/. I don't see why this should be less critical than all the other cases. Helmut -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.23.14 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages pdnsd depends on: ii adduser 3.110 add and remove users and groups ii cdebconf [debconf-2.0] 0.136 Debian Configuration Management Sy ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy ii libc6 2.7-15 GNU C Library: Shared libraries Versions of packages pdnsd recommends: ii resolvconf 1.42 name server information handler pdnsd suggests no packages. -- debconf information: * pdnsd/conf: Manual -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]