
CVSS: 6.8 EPSS: 0% CPEs: 1 EXPL: 4

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information. • http://doc.powerdns.com/changelog.html http://doc.powerdns.com/powerdns-advisory-2008-01.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://secunia.com/advisories/29584 http://secunia.com/advisories/29737 http://secunia.com/advisories/29764 http://secunia.com/advisories/29830 http://secunia.com/advisories/30581 http://security.gentoo.org/glsa/glsa-200804-22.xml http://www.debian.org/security/2008/dsa-1544 http://www.securityfocus.com/archive • CWE-189: Numeric Errors •

CVSS: 5.0 EPSS: 1% CPEs: 12 EXPL: 0

PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop. • http://doc.powerdns.com/powerdns-advisory-2006-02.html http://lists.suse.com/archive/suse-security-announce/2006-Nov/0007.html http://secunia.com/advisories/22824 http://secunia.com/advisories/22976 http://www.securityfocus.com/bid/21037 http://www.vupen.com/english/advisories/2006/4484 https://exchange.xforce.ibmcloud.com/vulnerabilities/30257 •

CVSS: 7.5 EPSS: 10% CPEs: 12 EXPL: 0

Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length. • http://doc.powerdns.com/powerdns-advisory-2006-01.html http://lists.suse.com/archive/suse-security-announce/2006-Nov/0007.html http://secunia.com/advisories/22824 http://secunia.com/advisories/22903 http://secunia.com/advisories/22976 http://www.debian.org/security/2006/dsa-1211 http://www.securityfocus.com/bid/21037 http://www.vupen.com/english/advisories/2006/4484 https://exchange.xforce.ibmcloud.com/vulnerabilities/30270 •

CVSS: 5.0 EPSS: 5% CPEs: 1 EXPL: 0

The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets. • http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-0-1 http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://secunia.com/advisories/19831 http://secunia.com/advisories/20117 http://www.securityfocus.com/bid/17711 http://www.vupen.com/english/advisories/2006/1527 https://exchange.xforce.ibmcloud.com/vulnerabilities/26100 • CWE-399: Resource Management Errors •

CVSS: 5.0 EPSS: 1% CPEs: 18 EXPL: 0

The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. • http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en http://www.osvdb.org/25291 http://www.securityfocus.com/bid/13729 •