CVE-2009-4009
https://notcve.org/view.php?id=CVE-2009-4009
Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets. Desbordamiento de búfer en PowerDNS Recursor anterior a v3.1.7.2 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección a través de paquetes manipulados. • http://doc.powerdns.com/powerdns-advisory-2010-01.html http://secunia.com/advisories/38004 http://secunia.com/advisories/38068 http://securitytracker.com/id?1023403 http://www.securityfocus.com/archive/1/508743/100/0/threaded http://www.securityfocus.com/bid/37650 http://www.vupen.com/english/advisories/2010/0054 https://bugzilla.redhat.com/show_bug.cgi?id=552285 https://exchange.xforce.ibmcloud.com/vulnerabilities/55438 https://www.redhat.com/archives/fedora-package-announce/2010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-4010
https://notcve.org/view.php?id=CVE-2009-4010
Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones. Vulnerabilidad sin especificar en PowerDNS Recursor anterior a v3.1.7.2 permite a atacantes remotos suplantar datos DNS a través de zonas manipuladas. • http://doc.powerdns.com/powerdns-advisory-2010-02.html http://secunia.com/advisories/38004 http://secunia.com/advisories/38068 http://securitytracker.com/id?1023404 http://www.securityfocus.com/archive/1/508743/100/0/threaded http://www.securityfocus.com/bid/37653 http://www.vupen.com/english/advisories/2010/0054 https://bugzilla.redhat.com/show_bug.cgi?id=552285 https://exchange.xforce.ibmcloud.com/vulnerabilities/55439 https://www.redhat.com/archives/fedora-package-announce/2010 •
CVE-2008-5277
https://notcve.org/view.php?id=CVE-2008-5277
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query. PowerDNS y versiones anteriores a 2.9.21.2 permite a los atacantes remotos causar una denegación de servicios (caída del daemon) a través de una petición CH HINFO. • http://doc.powerdns.com/powerdns-advisory-2008-03.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html http://secunia.com/advisories/32979 http://secunia.com/advisories/33264 http://security.gentoo.org/glsa/glsa-200812-19.xml http://securitytracker.com/id?1021304 http://www.securityfocus.com/bid/32627 https://exchange.xforce.ibmcloud.com/vulnerabilities/47076 • CWE-16: Configuration •
CVE-2008-3337
https://notcve.org/view.php?id=CVE-2008-3337
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217. PowerDNS Authoritative Server versiones anteriores a 2.9.21.1 descarga peticiones malformadas, lo cual puede hacer más fácil a atacantes remotos envenenar cachés DNS de otros productos ejecutándose en otros servidores, una cuestión diferente a CVE-2008-1447 y CVE-2008-3217. • http://doc.powerdns.com/changelog.html http://doc.powerdns.com/powerdns-advisory-2008-02.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://mailman.powerdns.com/pipermail/pdns-users/2008-August/005646.html http://secunia.com/advisories/31401 http://secunia.com/advisories/31407 http://secunia.com/advisories/31448 http://secunia.com/advisories/31687 http://secunia.com/advisories/33264 http://security.gentoo.org/glsa/glsa-200812-19.xml http://w • CWE-20: Improper Input Validation •
CVE-2008-3217
https://notcve.org/view.php?id=CVE-2008-3217
PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637. PowerDNS Recursor anterior a 3.1.6 no utiliza siempre el generador de números aleatorios más robusto para la selección de un puerto de origen, lo que le hace más fácil para los vectores de ataque remotos para llevar a cabo un ataque por envenenamiento de caché DNS. NOTA: Esto está relacionado con la incompleta integración de las mejoras de la seguridad asociados con CVE-2008-1637. • http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6 http://secunia.com/advisories/31311 http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179 http://www.openwall.com/lists/oss-security/2008/07/09/10 http://www.openwall.com/lists/oss-security/2008/07/10/6 http://www.openwall.com/lists/oss-security/2008/07/16/12 http://www.securityfocus.com/bid/30782 https://exchange.xforce.ibmcloud.com/vulnerabilities/43925 https://www.redhat.com/archives/fedora-pa • CWE-189: Numeric Errors •