p0f3 release candidate
Hi folks, I wanted to share the news of p0f v3, a complete rewrite and redesign of my passive fingerprinting tool. == Synopsis == P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Some of its capabilities include: - Scalable and fast identification of the operating system and software on both endpoints of a vanilla TCP connection - especially in settings where NMap probes are blocked, too slow, unreliable, or would simply set off alarms. - Measurement of system uptime and network hookup, distance (including topology behind NAT or packet filters), user language preferences, and so on. - Automated detection of connection sharing / NAT, load balancing, and application-level proxying setups, - Detection of dishonest clients / servers that forge declarative statements such as X-Mailer or User-Agent. The tool can be operated in the foreground or as a daemon, and offers a simple real-time API for third-party components that wish to obtain additional information about the actors they are talking to. Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse prevention tools; and miscellaneous forensics. == What's new == Version 3 is a complete rewrite, bringing you much improved SYN and SYN+ACK fingerprinting capabilities, auto-calibrated uptime measurements, completely redone databases and signatures, new API design, IPv6 support (who knows, maybe it even works?), stateful traffic inspection with thorough cross-correlation of collected data, application-level fingerprinting modules (for HTTP now, more to come), and a lot more. == Download / demo == Please visit: http://lcamtuf.coredump.cx/p0f3/ This is a release candidate, and my hope is to get folks to contribute signatures and help squash bugs. If all goes according to plan, this should progress to a final release in a week or two. Some issues are expected, so please report problems off-the-list. /mz
Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability
Hi, demona...@163.com schrieb am 08.01.2012 um 15:10: Title: Simple Mail Server - SMTP Authentication Bypass Vulnerability Bug Description : Simple Mail Server is a tiny Mail Server written in C#. It can be sent mail without password by using usual tcp client(such as telnet). And it did not have SMTP authentication contoller. POC(Remarks: domain alex.com and user a...@alex.com must be exists in configuration for this test case): telnet 127.0.0.1 25 220 TEST-121F797342 SMTP ready. EHLO mail_of_alert 500 Not supported. Use HELO MAIL FROM: a...@alex.com 250 OK RCPT TO: a...@alex.com 250 OK Data 354 Start mail input; end with CRLF.CRLF From: a...@alex.com a...@alex.com To: a...@alex.com a...@alex.com Subject: authenticate is not required! erm... where's the bug? If the mailer is configured to receive mail for a...@alex.com, why should it require SMTP authentication for incoming mails to that address? Anyway, SMTP authentication is not a requirement for an MTA, so the lack of such can hardly be called a bug. Bye, Peter -- Peter Conrad Tivano Software GmbH Bahnhofstr. 18 63263 Neu-Isenburg Tel: 06102 / 8099070 Fax: 06102 / 8099071 HRB 11680, AG Offenbach/Main Geschäftsführer: Martin Apel
[ MDVSA-2012:003 ] apache
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:003 http://www.mandriva.com/security/ ___ Package : apache Date: January 10, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 ___ Problem Description: Multiple vulnerabilities has been found and corrected in apache: Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow (CVE-2011-3607). The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an \@ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368 (CVE-2011-4317). The updated packages have been patched to correct these issues. ___ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 ___ Updated Packages: Mandriva Linux 2010.1: 47721c86104358598ddc96c7e93cbdf8 2010.1/i586/apache-base-2.2.15-3.6mdv2010.2.i586.rpm c4029cf90932f6c6d864cc3d91750bca 2010.1/i586/apache-devel-2.2.15-3.6mdv2010.2.i586.rpm 1f9554a4bdb15089b2711b77fe927c61 2010.1/i586/apache-htcacheclean-2.2.15-3.6mdv2010.2.i586.rpm 8d1d86c9b9737d244fde84560718d8e4 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.6mdv2010.2.i586.rpm d33b4789fd1effc6222440d4cd04dd9e 2010.1/i586/apache-mod_cache-2.2.15-3.6mdv2010.2.i586.rpm 634a44c3077bf6b56a19ba2ee367c7ec 2010.1/i586/apache-mod_dav-2.2.15-3.6mdv2010.2.i586.rpm e6d01a8e87b87234c6ac49aa9491aa6f 2010.1/i586/apache-mod_dbd-2.2.15-3.6mdv2010.2.i586.rpm 8a062c3d3255701c066879d4092f70be 2010.1/i586/apache-mod_deflate-2.2.15-3.6mdv2010.2.i586.rpm 9c8a07706f25f84c7fb1deadd948a754 2010.1/i586/apache-mod_disk_cache-2.2.15-3.6mdv2010.2.i586.rpm 8bc3e2eea57fb63efb5b184e11ca8f1b 2010.1/i586/apache-mod_file_cache-2.2.15-3.6mdv2010.2.i586.rpm 498bc63dfedfa9021a0dd91b6ffed359 2010.1/i586/apache-mod_ldap-2.2.15-3.6mdv2010.2.i586.rpm 586c31feb7fb7ca857ef7ee45bf9aebf 2010.1/i586/apache-mod_mem_cache-2.2.15-3.6mdv2010.2.i586.rpm 308a280dc26817b96a6845bc7578c3db 2010.1/i586/apache-mod_proxy-2.2.15-3.6mdv2010.2.i586.rpm 328ac2fe0f4e22d6fe07ae7f70a52fe2 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.6mdv2010.2.i586.rpm 930c0accae0dd1f5a575d3585c323ac9 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.6mdv2010.2.i586.rpm 2a5777c4e69db66cc2ae0415aaa0dc9f 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.6mdv2010.2.i586.rpm 66b7801aa2e0c5dca2615ccdafed173e 2010.1/i586/apache-mod_ssl-2.2.15-3.6mdv2010.2.i586.rpm 8d9053f7c60598e3e9fd7a31c2ddaf87 2010.1/i586/apache-modules-2.2.15-3.6mdv2010.2.i586.rpm 8fad2bd2b81936e4d56feac1c7a4a241 2010.1/i586/apache-mod_userdir-2.2.15-3.6mdv2010.2.i586.rpm 12cf47a671ecc70457b74d77da1e976b 2010.1/i586/apache-mpm-event-2.2.15-3.6mdv2010.2.i586.rpm 97f21f06c7a6b92c4c31c97b0f3ab060 2010.1/i586/apache-mpm-itk-2.2.15-3.6mdv2010.2.i586.rpm 17a097d14ee2d2eb8d9f5d4f1b9c1843 2010.1/i586/apache-mpm-peruser-2.2.15-3.6mdv2010.2.i586.rpm 5b488c7767f3c922f36de062e230de3d 2010.1/i586/apache-mpm-prefork-2.2.15-3.6mdv2010.2.i586.rpm 1c8974dfcec0aa5b8d8260c258d6df49 2010.1/i586/apache-mpm-worker-2.2.15-3.6mdv2010.2.i586.rpm f8ed0cb6600be8c3ec1f2b802a7c0eed 2010.1/i586/apache-source-2.2.15-3.6mdv2010.2.i586.rpm 482f8796d668ae703faaf53d3f4c2c7f 2010.1/SRPMS/apache-2.2.15-3.6mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 04a6488038ca1a84d7e91ce51e4d677f 2010.1/x86_64/apache-base-2.2.15-3.6mdv2010.2.x86_64.rpm 2ba4bd05b46725f127e5b2033fd51667 2010.1/x86_64/apache-devel-2.2.15-3.6mdv2010.2.x86_64.rpm f351ed5721f1b05a6b7dc87ed7aa7a69 2010.1/x86_64/apache-htcacheclean-2.2.15-3.6mdv2010.2.x86_64.rpm 153c76dacd12ef6981827213ec0c8772 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.6mdv2010.2.x86_64.rpm 7ed6d7c584fc0eb78303e39ed60b4a73 2010.1/x86_64/apache-mod_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 5a3617389d5a007ecf3dfa4f5ab91b85 2010.1/x86_64/apache-mod_dav-2.2.15-3.6mdv2010.2.x86_64.rpm
ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-008 January 10, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Citrix - -- Affected Products: Citrix Provisioning Services - -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component which listens for UDP traffic on multiple ports, beginning with 6905. When handling a packet which requests a vDisk name, the user-supplied length value is not properly validated. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. - -- Vendor Response: Citrix has issued an update to correct this vulnerability. More details can be found at: http://support.citrix.com/article/CTX130846 - -- Disclosure Timeline: 2011-04-01 - Vulnerability reported to vendor 2012-01-10 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * AbdulAziz Hariri of ThirdEyeTesters - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJPDHxaAAoJEFVtgMGTo1scjQwH/RXTmZGKOsOFcd+8F+nWENnY UQxvLB9DDSeLEg6vDhp/XFmKCyYLURXZ0Rdy+N6O3dlivih8qDKcLMgwxjpyQ8jh K4yVPU+sq0AF11hl7vhGExlm0spC/2CwMVo3uOn9RRgDLib3dMZmYGRZRmTMfrhN 0qHoHSz1A3iSc7ypXBEnM+e/Cx1gRVgHhL0b9xEHOZo6v2xS4/kCpqHdzx/A+K1g xBT5Eyi+wKbgG8eEk4oKS3vjK5fnLyO+ASvwZlrYg5govBdLNlxEQ+mMWJcSQFJi oBf0i1YPLUmTUZ7PlZTDqpXEKXhQXUCIPv25/wg3wNTA3F82zzccDBqHSKoWkd8= =J/Jk -END PGP SIGNATURE-
ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-009 : Citrix Provisioning Services Stream Service 0x4002 Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-009 January 10, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Citrix - -- Affected Products: Citrix Citrix Provisioning Services - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11860. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com - -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x4002 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM. - -- Vendor Response: Citrix has issued an update to correct this vulnerability. More details can be found at: http://support.citrix.com/article/CTX130846 - -- Disclosure Timeline: 2011-07-22 - Vulnerability reported to vendor 2012-01-10 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * aniway.any...@gmail.com - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJPDHyYAAoJEFVtgMGTo1scFs8IAIo3uX6d5CuVvfs5LtmQitg2 6jkn/wiUDnId5mzrQalrKrjMTnFtxy4w3awYiNALZj2SoiTA3HZxerxRmbbHjzOh dj9x2d+ebPYqV6cGEp7OXPdhU+PUSh1ESHOW6kHtEruHD8bCy/+CguMwladkmShD Wsky/W5dBp8THhrm22rGbHZqp5w1EFmEw+F788BdG/LAT+8JMxKMmZl6DVb4BrC5 3LA13Zxu9RW7Em8C/2yaUhhQCFVIwK02vXuymfXSKv53uFF7xnnKS9E06sE3GOlr 8VgL8mrm3uBQAishz2SU9JhNmB+oWCJKu+iVqJVF45LfKb/fazegnR5RFk8RGZM= =41Qy -END PGP SIGNATURE-
ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-010 January 10, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Citrix - -- Affected Products: Citrix Provisioning Services - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11860. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com - -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM. - -- Vendor Response: Citrix has issued an update to correct this vulnerability. More details can be found at: http://support.citrix.com/article/CTX130846 - -- Disclosure Timeline: 2011-07-22 - Vulnerability reported to vendor 2012-01-10 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * aniway.any...@gmail.com - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJPDHzjAAoJEFVtgMGTo1scfDQIAJVADhWgn5KwDu/urXv0XVT9 UXgimOx7oLkvsVa7BRZOQVZRiRUAA5gOuGl+afKIMdSbnBkLz5vTxXQwAfbJu2Sj kIDpoW3TF2kGmR/8WgHtxfrnqtACV9GGLWq3Mp2VfXU9IEE8Aufj1b+540RxQvH2 g2CU6NWCLpb8Z0P52a8QWEbCy4dbp71gnYW9CDr7JHAXd7cda/VSbiEaI2C9hE/U GBKxRzSVvpWCGlldAmnpdcWVWhDF6INzsuBFZslnG65TJzOPcPfXopTNdMZVmQvM HuSCMrmchQQBVxLrA1Q3b+Fo7qGGu7UQuILG9N8WvFYwGmkpkMxP4Y/qG16FS18= =up0O -END PGP SIGNATURE-
ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-011 January 10, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Novell - -- Affected Products: Novell Netware - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11929. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com - -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 32779. When decoding the xdr encoded caller_name from an NLM_TEST procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system. - -- Vendor Response: Novell has issued an update to correct this vulnerability. More details can be found at: http://download.novell.com/Download?buildid=Cfw1tDezgbw~ - -- Disclosure Timeline: 2011-06-03 - Vulnerability reported to vendor 2012-01-10 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Francis Provencher for Protek Research Lab's - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJPDH1UAAoJEFVtgMGTo1scA60IAJCan3f1lRqer1X6RBvchc+n yl3TM+cKt2Dlw17YLa+f1FRzp7Gt7hlyy4CmznPcE9shI98Rddi647hUI3rGx9Di NgmlVJZMVfAQWodemHwXe2/7o2MmxePDWbAOWfQgK9N51NOTEQkUtC+uj3mH5sxN QORrxDarwZfngbwRGiTv8LWX94qXKb9c1l2MjShyu91I3Cjxm6WUDXagjI/mwt0J sf6EhPXHfyNm9C+AX3jQo7DdFFjkB0KwUOh11+1/A8X2SuGfu8c7y8ZDvpTD5iwG /rYZq/4VwK1eyj02Y+njR5XTyF62Yum7T30WXRE04AYt7ilsTdXHGNpCwwC2LPE= =WPYi -END PGP SIGNATURE-
[SECURITY] [DSA 2385-1] pdns security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2385-1 secur...@debian.org http://www.debian.org/security/Florian Weimer January 10, 2012 http://www.debian.org/security/faq - - Package: pdns Vulnerability : packet loop Problem type : remote Debian-specific: no CVE ID : CVE-2012-0206 Ray Morris discovered that the PowerDNS authoritative sever responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service. For the oldstable distribution (lenny), this problem has been fixed in version 2.9.21.2-1+lenny1. For the stable distribution (squeeze), this problem has been fixed in version 2.9.22-8+squeeze1. For the testing distribution (wheezy) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your pdns packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJPDIQ5AAoJEL97/wQC1SS+nz8H/1qB4Rzmu8X91C82/AUoaKjQ 6yKU85D7e+/iBtjHN8qAec7xGJugGonJCmHK+IgenoCksvaI4rJEZgymj2W83LDC HB/0KYq3Js7YFLmtTrJkz/xzgwFUB1bh59dzQWWfphgzjw8Nnz4EWkWNbF4ZhuHJ JYAIkbmipLukNs2ioiu8GaNcE/r5pa/w8sAP/h+E4fKsYC/gcVhQI5/mRTG3jjqF 4Jt7ZrxmRD9hjHclTcmRt2gAql0Q70TsM8gZl66tW+I8HzSc26mYWgRMgRe0mdN6 WN8gfx7FhGF8EnTTv27GDtysnmS61N2akIFr6v/BboyqYQ1qAu9H1rxBzu0jWr8= =k1Um -END PGP SIGNATURE-