CVE-2016-7068
https://notcve.org/view.php?id=CVE-2016-7068
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour. Se ha descubierto un problema en PowerDNS en versiones anteriores a la 3.4.11 y 4.0.2, y PowerDNS recursor en versiones anteriores a la 3.7.4 y 4.0.4, que permite que un atacante no autenticado remoto provoque una carga de uso de CPU anormal en el servidor de PowerDNS mediante el envío de consultas DNS manipuladas, lo que podría resultar en una denegación de servicio (DoS) parcial si el sistema se sobrecarga. Este problema se basa en el hecho de que el servidor de PowerDNS analiza todos los registros presentes en una consulta, independientemente de si se necesitan o incluso si son legítimos. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068 https://doc.powerdns.com/md/security/powerdns-advisory-2016-02 https://www.debian.org/security/2017/dsa-3763 https://www.debian.org/security/2017/dsa-3764 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2015-5470
https://notcve.org/view.php?id=CVE-2015-5470
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. La funcionalidad de descompresión de etiqueta en PowerDNS Recursor en versiones anteriores a 3.6.4 y 3.7.x en versiones anteriores a 3.7.3 y Authoritative (Auth) Server en versiones anteriores a 3.3.3 y 3.4.x en versiones anteriores a 3.4.5 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o caída) a través de una petición con un nombre largo que se refiere a sí mismo. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-1868. • http://www.openwall.com/lists/oss-security/2015/07/07/6 http://www.openwall.com/lists/oss-security/2015/07/10/8 https://doc.powerdns.com/md/security/powerdns-advisory-2015-01 • CWE-399: Resource Management Errors •
CVE-2014-8601
https://notcve.org/view.php?id=CVE-2014-8601
PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. PowerDNS Recursor en versiones anteriores a 3.6.2 no limita el encadenamiento de delegación, lo que permite a atacantes remotos provocar una denegación de servicio ("degradaciones de rendimiento") a través un número largo o infinito de referencias, según lo demostrado por la resolución de dominios alojados por ezdns.it. • http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html http://doc.powerdns.com/md/security/powerdns-advisory-2014-02 http://www.debian.org/security/2014/dsa-3096 http://www.kb.cert.org/vuls/id/264212 http://www.securityfocus.com/bid/71545 http://www.securitytracker.com/id/1031310 • CWE-399: Resource Management Errors •
CVE-2009-4010
https://notcve.org/view.php?id=CVE-2009-4010
Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones. Vulnerabilidad sin especificar en PowerDNS Recursor anterior a v3.1.7.2 permite a atacantes remotos suplantar datos DNS a través de zonas manipuladas. • http://doc.powerdns.com/powerdns-advisory-2010-02.html http://secunia.com/advisories/38004 http://secunia.com/advisories/38068 http://securitytracker.com/id?1023404 http://www.securityfocus.com/archive/1/508743/100/0/threaded http://www.securityfocus.com/bid/37653 http://www.vupen.com/english/advisories/2010/0054 https://bugzilla.redhat.com/show_bug.cgi?id=552285 https://exchange.xforce.ibmcloud.com/vulnerabilities/55439 https://www.redhat.com/archives/fedora-package-announce/2010 •
CVE-2009-4009
https://notcve.org/view.php?id=CVE-2009-4009
Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets. Desbordamiento de búfer en PowerDNS Recursor anterior a v3.1.7.2 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección a través de paquetes manipulados. • http://doc.powerdns.com/powerdns-advisory-2010-01.html http://secunia.com/advisories/38004 http://secunia.com/advisories/38068 http://securitytracker.com/id?1023403 http://www.securityfocus.com/archive/1/508743/100/0/threaded http://www.securityfocus.com/bid/37650 http://www.vupen.com/english/advisories/2010/0054 https://bugzilla.redhat.com/show_bug.cgi?id=552285 https://exchange.xforce.ibmcloud.com/vulnerabilities/55438 https://www.redhat.com/archives/fedora-package-announce/2010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •