The PowerDNS Nameserver is a modern, advanced and high-performance authoritative-only nameserver. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database.
{"fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only nameserver. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database. ", "cvss3": {}, "published": "2008-08-07T23:53:05", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: pdns-2.9.21.1-1.fc9", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3337"], "modified": "2008-08-07T23:53:05", "id": "FEDORA:2776C1AD10C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BOIL3237272FLTG64T7QF7G5RJBQ7OQZ/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:56:00", "description": "Check for the Version of pdns", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for pdns FEDORA-2008-7083", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3337"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860161", "href": "http://plugins.openvas.org/nasl.php?oid=860161", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pdns FEDORA-2008-7083\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it 
and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pdns on Fedora 8\";\ntag_insight = \"The PowerDNS Nameserver is a modern, advanced and high performance\n authoritative-only nameserver. It is written from scratch and conforms\n to all relevant DNS standards documents.\n Furthermore, PowerDNS interfaces with almost any database.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00140.html\");\n script_id(860161);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:03:12 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-7083\");\n script_cve_id(\"CVE-2008-3337\");\n script_name( \"Fedora Update for pdns FEDORA-2008-7083\");\n\n script_summary(\"Check for the Version of pdns\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"pdns\", rpm:\"pdns~2.9.21.1~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:10", "description": "Check for the Version of pdns", "cvss3": {}, "published": "2009-02-17T00:00:00", "type": "openvas", "title": "Fedora Update for pdns FEDORA-2008-7048", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3337"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:860546", "href": "http://plugins.openvas.org/nasl.php?oid=860546", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pdns FEDORA-2008-7048\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pdns on Fedora 9\";\ntag_insight = \"The PowerDNS Nameserver is a modern, advanced and high performance\n authoritative-only nameserver. It is written from scratch and conforms\n to all relevant DNS standards documents.\n Furthermore, PowerDNS interfaces with almost any database.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00109.html\");\n script_id(860546);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:03:12 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-7048\");\n script_cve_id(\"CVE-2008-3337\");\n script_name( \"Fedora Update for pdns FEDORA-2008-7048\");\n\n script_summary(\"Check for the Version of pdns\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"pdns\", rpm:\"pdns~2.9.21.1~1.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:24", "description": "The remote host is missing updates announced in\nadvisory GLSA 200812-19.", "cvss3": {}, "published": "2008-12-23T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200812-19 (pdns)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3337", "CVE-2008-5277"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63034", "href": "http://plugins.openvas.org/nasl.php?oid=63034", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two vulnerabilities have been discovered in PowerDNS, possibly leading to a\nDenial of Service and easing cache poisoning attacks.\";\ntag_solution = \"All PowerDNS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-dns/pdns-2.9.21.2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-19\nhttp://bugs.gentoo.org/show_bug.cgi?id=234032\nhttp://bugs.gentoo.org/show_bug.cgi?id=247079\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200812-19.\";\n\n \n \n\nif(description)\n{\n script_id(63034);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-23 18:28:16 +0100 (Tue, 23 Dec 2008)\");\n script_cve_id(\"CVE-2008-3337\", \"CVE-2008-5277\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200812-19 (pdns)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-dns/pdns\", unaffected: make_list(\"ge 2.9.21.2\"), vulnerable: make_list(\"lt 2.9.21.2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:19:45", "description": "Check for the Version of openwsman", "cvss3": {}, "published": "2009-01-23T00:00:00", "type": "openvas", "title": "SuSE Update for openwsman SUSE-SA:2008:041", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-7232", "CVE-2008-1803", "CVE-2008-1447", "CVE-2008-3337", "CVE-2007-6389", "CVE-2008-1802", "CVE-2008-2233", "CVE-2008-1801", "CVE-2008-2079", "CVE-2008-2234"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:850013", "href": "http://plugins.openvas.org/nasl.php?oid=850013", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_041.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for openwsman SUSE-SA:2008:041\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the 
GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"remote code execution\";\ntag_affected = \"openwsman on openSUSE 10.3, openSUSE 11.0\";\ntag_insight = \"The openwsman project provides an implementation of the Web Service\n Management specification.\n The SuSE Security-Team has found two critical issues in the code:\n - two remote buffer overflows while decoding the HTTP basic authentication\n header CVE-2008-2234\n - a possible SSL session replay attack affecting the client (depending on\n the configuration) CVE-2008-2233\n Both issues were fixed.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850013);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-041\");\n script_cve_id(\"CVE-2008-2233\", \"CVE-2008-2234\", \"CVE-2008-3337\", \"CVE-2008-1447\", \"CVE-2007-6389\", \"CVE-2008-2079\", \"CVE-2006-7232\", \"CVE-2008-1801\", \"CVE-2008-1802\", \"CVE-2008-1803\");\n script_name( \"SuSE Update for openwsman 
SUSE-SA:2008:041\");\n\n script_summary(\"Check for the Version of openwsman\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"openwsman\", rpm:\"openwsman~1.2.0~14.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openwsman-client\", rpm:\"openwsman-client~1.2.0~14.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openwsman-devel\", rpm:\"openwsman-devel~1.2.0~14.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openwsman-server\", rpm:\"openwsman-server~1.2.0~14.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"openwsman-debuginfo\", rpm:\"openwsman-debuginfo~2.0.0~3.3\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openwsman-debugsource\", rpm:\"openwsman-debugsource~2.0.0~3.3\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"libwsman-devel\", rpm:\"libwsman-devel~2.0.0~3.3\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwsman1\", rpm:\"libwsman1~2.0.0~3.3\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openwsman-client\", rpm:\"openwsman-client~2.0.0~3.3\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openwsman-python\", rpm:\"openwsman-python~2.0.0~3.3\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openwsman-ruby\", rpm:\"openwsman-ruby~2.0.0~3.3\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openwsman-server\", rpm:\"openwsman-server~2.0.0~3.3\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2022-05-18T17:45:14", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1628-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nAugust 10, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pdns\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-3337\n\nBrian Dowling discovered that the PowerDNS authoritative name server\ndoes not respond to DNS queries which contain certain characters,\nincreasing the risk of successful DNS spoofing (CVE-2008-3337). 
This\nupdate changes PowerDNS to respond with SERVFAIL responses instead.\n\nFor the stable distribution (etch), this problem has been fixed in version \n2.9.20-8+etch1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.9.21.1-1.\n\nWe recommend that you upgrade your pdns package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1.dsc\n Size/MD5 checksum: 1137 0a41ec265f82fce6d439919cdae6001a\n http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1.diff.gz\n Size/MD5 checksum: 51420 bb972467332e6122cee9d363ca55ad2e\n http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20.orig.tar.gz\n Size/MD5 checksum: 861879 66b3d3847f91e9ac3d13bdb8ddabfc7b\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb\n Size/MD5 checksum: 18402 ce1890128198b2924ec047c6fc4cd986\n http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb\n Size/MD5 checksum: 151286 ee2289703f9bc5a55ec2610309f638d8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_alpha.deb\n Size/MD5 checksum: 128498 662065c9d72d1ce6010322203c0de483\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_alpha.deb\n Size/MD5 checksum: 101180 ed93c993121ef29ea27aec3e51ae780a\n 
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_alpha.deb\n Size/MD5 checksum: 270198 7ea2ed079ca10c956bf85ce86cc4b91f\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_alpha.deb\n Size/MD5 checksum: 80612 66cdb0206efd5384a6c12059bed6a810\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_alpha.deb\n Size/MD5 checksum: 89786 5b5b81b0b2b5a652047c8b5843f853a5\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_alpha.deb\n Size/MD5 checksum: 85122 7b27de3ebd7f6b97b56aac71b724bf74\n http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_alpha.deb\n Size/MD5 checksum: 809372 9de5122e1f69aafe84e9cfa5804223c5\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_amd64.deb\n Size/MD5 checksum: 105322 1f82a2e47996af30eaf4cbb3790d8595\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_amd64.deb\n Size/MD5 checksum: 72704 11d22cf7210db662e8667784f07aa5f3\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_amd64.deb\n Size/MD5 checksum: 216888 8568e7c10fa743b1b94d84a5d65be8b4\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_amd64.deb\n Size/MD5 checksum: 69118 297d560f7fc926151fb3e7e48840e279\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_amd64.deb\n Size/MD5 checksum: 65954 4ce9ab913782ad2285e1a729f73bfb77\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_amd64.deb\n Size/MD5 checksum: 81000 62ea289801afba9d82d57647a5b69a1e\n http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_amd64.deb\n Size/MD5 checksum: 700178 466d9d5a83f8f54346bcfef8594482cb\n\narm architecture (ARM)\n\n 
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_arm.deb\n Size/MD5 checksum: 72396 1cdaa3e1e9b6f9c0fc4c0d6ebd4431cc\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_arm.deb\n Size/MD5 checksum: 113774 f9e6a066829b4ab17cacb06da5115c97\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_arm.deb\n Size/MD5 checksum: 79256 ae1f671e2546d03ee244ca08a6cd7739\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_arm.deb\n Size/MD5 checksum: 245716 a914afcf74e95b26e87a2982ea339318\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_arm.deb\n Size/MD5 checksum: 76732 ed38f9dea0d74cfac026951d532eb2dc\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_arm.deb\n Size/MD5 checksum: 88456 5e573619f814e75190dfbd5d18684cbe\n http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_arm.deb\n Size/MD5 checksum: 834670 4f9ff6e1b22d5ebe6a2cee9cfab9f333\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_hppa.deb\n Size/MD5 checksum: 89188 c7d85f3d66651f9b27b10ccc26bc56c4\n http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_hppa.deb\n Size/MD5 checksum: 779220 b1ce1b8f19c577b0ee4f2a1ee08237e7\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_hppa.deb\n Size/MD5 checksum: 71462 8a979586b26e57bcb275eaa418e82984\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_hppa.deb\n Size/MD5 checksum: 74914 c8b1db6a6eb2a04ea29ec760e4ee8e9d\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_hppa.deb\n Size/MD5 checksum: 116772 5fc7175897c29277345d6f17a2163976\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_hppa.deb\n 
Size/MD5 checksum: 78590 c6f85e199a17cb460e0c68c89b0bd964\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_hppa.deb\n Size/MD5 checksum: 241084 fe36e0a467697245f7a7311da13525aa\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_i386.deb\n Size/MD5 checksum: 708666 36483e99ba35b15425455a4a89dafe08\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_i386.deb\n Size/MD5 checksum: 70008 10aecf8368afb6c194e1a1820655d3fd\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_i386.deb\n Size/MD5 checksum: 66474 18efd44bd3b34fbc402f4d0226e82f3b\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_i386.deb\n Size/MD5 checksum: 217716 0c9b86c448fe9842e93048dc4fcbbd1c\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_i386.deb\n Size/MD5 checksum: 63686 f849a4d00ed60c49955a408ca6881fae\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_i386.deb\n Size/MD5 checksum: 78932 3d9391be91d78616516bf7634ee97a18\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_i386.deb\n Size/MD5 checksum: 105212 1ae9f44fef55b966568e29c057f6f87f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_ia64.deb\n Size/MD5 checksum: 77244 4d91e45c77bb38a41982e93e2479757d\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_ia64.deb\n Size/MD5 checksum: 282342 57d8d9dcd767e37894d0f9f894e386e6\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_ia64.deb\n Size/MD5 checksum: 130856 f13b6a20419dbafda9cd00905149170c\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_ia64.deb\n Size/MD5 checksum: 80256 
eca0173e0776cfa51be3fe35275e336d\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_ia64.deb\n Size/MD5 checksum: 97948 58ad77f6e4a87bc86d84851836f91fca\n http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_ia64.deb\n Size/MD5 checksum: 941082 99eeed221822d5882679c7775049b16d\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_ia64.deb\n Size/MD5 checksum: 84298 66a4d00b34bd8cfe0b1226a626c7e03c\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_mips.deb\n Size/MD5 checksum: 63060 39a187d32f4b7211d250d3620a01cc24\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_mips.deb\n Size/MD5 checksum: 70350 dee7156441aa0be6eaef652585ed5a1b\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_mips.deb\n Size/MD5 checksum: 105298 a26d7f802d8c1fd4482558d0a6e6aa3e\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_mips.deb\n Size/MD5 checksum: 81156 e8c0118b7d0863f9e83ba4ec83b30019\n http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_mips.deb\n Size/MD5 checksum: 670300 c65ec14b44e58d5d423b1c3fb974b4ce\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_mips.deb\n Size/MD5 checksum: 214280 20b6cc51c4f38ccaf8daf5c93b7e8886\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_mips.deb\n Size/MD5 checksum: 67088 ce286fc954825fea3d3765d492eea148\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_mipsel.deb\n Size/MD5 checksum: 63340 bd900083144b99155d9720a289fdd33f\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_mipsel.deb\n Size/MD5 checksum: 213322 
ea511d369d33b503b65af378eb267521\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_mipsel.deb\n Size/MD5 checksum: 104804 6220725bf558c49f92503e5c676b736a\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_mipsel.deb\n Size/MD5 checksum: 70124 9f3ac750de78a447d510c2ac213f8f20\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_mipsel.deb\n Size/MD5 checksum: 81728 fd31e9f80040f6b1803d16f6e9ad78cf\n http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_mipsel.deb\n Size/MD5 checksum: 669432 cb6421c4f2c14c0ed2bb8a5998d60fa8\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_mipsel.deb\n Size/MD5 checksum: 67048 a1f9256339678471b87cb01657e1b70b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_powerpc.deb\n Size/MD5 checksum: 716276 4df7f6ea44a8d5fab0fb2bdc20752a5b\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_powerpc.deb\n Size/MD5 checksum: 70326 06c5c32d97c0eac47107aa00dd9008f5\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_powerpc.deb\n Size/MD5 checksum: 73730 6c98ac116ea64aa66e8a617a256781cd\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_powerpc.deb\n Size/MD5 checksum: 66526 ada8622d9a53d4dfd89972e99da8c1a0\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_powerpc.deb\n Size/MD5 checksum: 82142 255449adb0cf54fa443ee90b266102e3\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_powerpc.deb\n Size/MD5 checksum: 222544 2cba08f9232e4c68801b7440a74b2932\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_powerpc.deb\n Size/MD5 checksum: 109028 c1fe83f0c527d1a9c8998d6d63ba71d0\n\ns390 architecture (IBM 
S/390)\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_s390.deb\n Size/MD5 checksum: 61466 6f8bf4d3a4888c2c805c2d1649e5f8e1\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_s390.deb\n Size/MD5 checksum: 64120 747dcdd246cb9216c38d0f60d9d83970\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_s390.deb\n Size/MD5 checksum: 78374 a7d74b952126768d8ee6b6a4af3ff176\n http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_s390.deb\n Size/MD5 checksum: 647764 b324252630cb5e9331a8da4d13029ab7\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_s390.deb\n Size/MD5 checksum: 66934 af0d5492cd4ec5b0313ac93093fad6da\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_s390.deb\n Size/MD5 checksum: 104342 2294cc657d9d41e07a2bd50ad679a931\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_s390.deb\n Size/MD5 checksum: 206680 752595cd21b17313ac4e89260afa2125\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_sparc.deb\n Size/MD5 checksum: 66600 2c9b1c9106d7d4e20c9c070938180b15\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_sparc.deb\n Size/MD5 checksum: 102604 497b5950616a7ae22c27a41de5afce2d\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_sparc.deb\n Size/MD5 checksum: 213970 db7bfb0af8508c12a313932b56089245\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_sparc.deb\n Size/MD5 checksum: 78018 4f564a99232539283d1c22defd36d572\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_sparc.deb\n Size/MD5 checksum: 69886 8294d5780a4e1fe0584354b05307ce0b\n 
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_sparc.deb\n Size/MD5 checksum: 718572 b1edc3a9ff76c2aade1c4b3ac4312317\n http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_sparc.deb\n Size/MD5 checksum: 63458 b5f2890c751479e3b6aa62f5782e92a1\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2008-08-10T20:34:06", "type": "debian", "title": "[SECURITY] [DSA 1627-1] New PowerDNS packages reduce DNS spoofing risk", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3337"], "modified": "2008-08-10T20:34:06", "id": "DEBIAN:DSA-1627-1:F8BAD", "href": "https://lists.debian.org/debian-security-announce/2008/msg00213.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T22:00:44", "description": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries,\nwhich might make it easier for remote attackers to poison DNS caches of\nother products running on other servers, a different issue than\nCVE-2008-1447 and CVE-2008-3217.", "cvss3": {}, 
"published": "2008-08-08T00:00:00", "type": "ubuntucve", "title": "CVE-2008-3337", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3337"], "modified": "2008-08-08T00:00:00", "id": "UB:CVE-2008-3337", "href": "https://ubuntu.com/security/CVE-2008-3337", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T13:09:46", "description": "Brian Dowling discovered that the PowerDNS authoritative name server does not respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing (CVE-2008-3337 ). This update changes PowerDNS to respond with SERVFAIL responses instead.", "cvss3": {"score": null, "vector": null}, "published": "2008-08-19T00:00:00", "type": "nessus", "title": "Debian DSA-1628-1 : pdns - DNS response spoofing", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3337"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:pdns", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1628.NASL", "href": "https://www.tenable.com/plugins/nessus/33933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1628. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33933);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-3337\");\n script_bugtraq_id(30587);\n script_xref(name:\"DSA\", value:\"1628\");\n\n script_name(english:\"Debian DSA-1628-1 : pdns - DNS response spoofing\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brian Dowling discovered that the PowerDNS authoritative name server\ndoes not respond to DNS queries which contain certain characters,\nincreasing the risk of successful DNS spoofing (CVE-2008-3337 ). This\nupdate changes PowerDNS to respond with SERVFAIL responses instead.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1628\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pdns package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.9.20-8+etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pdns\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"pdns\", reference:\"2.9.20-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pdns-backend-geo\", reference:\"2.9.20-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pdns-backend-ldap\", reference:\"2.9.20-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pdns-backend-mysql\", reference:\"2.9.20-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pdns-backend-pgsql\", reference:\"2.9.20-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pdns-backend-pipe\", reference:\"2.9.20-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pdns-backend-sqlite\", reference:\"2.9.20-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pdns-doc\", reference:\"2.9.20-8+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"pdns-server\", reference:\"2.9.20-8+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-10-18T14:20:51", "description": "The remote DNS drops malformed queries. If it is not just a resolver and serves a domain name, this may help an attacker poison the cache of other DNS resolvers. PowerDNS 2.9.21 and earlier are known to exhibit this behavior. \n\nNote that this does not mean that this server would be vulnerable to cache poisoning if it were a resolver.", "cvss3": {"score": null, "vector": null}, "published": "2008-08-12T00:00:00", "type": "nessus", "title": "PowerDNS Authoritative Server Malformed Query Cache Poisoning Weakness", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3337"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/a:powerdns:powerdns"], "id": "POWERDNS_MALFORMED_QUERY.NASL", "href": "https://www.tenable.com/plugins/nessus/33868", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33868);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/25 18:58:03\");\n\n script_cve_id(\"CVE-2008-3337\");\n script_bugtraq_id(30587);\n\n script_name(english:\"PowerDNS Authoritative Server Malformed Query Cache Poisoning Weakness\");\n script_summary(english: \"Sends a malformed query to the DNS server and wait for an answer\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote DNS server drops malformed queries.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote DNS drops malformed queries. If it is not just a resolver\nand serves a domain name, this may help poisoning the cache of other\nDNS resolvers. PoweDNS 2.9.21 and earlier are known to exhibit this\nbehavior. 
\n\nNote that this does not mean that this server would be vulnerable \nto cache poisoning if it were a resolver.\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade PowerDNS to version 2.9.21.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n script_set_attribute(attribute:\"see_also\", value:\"http://doc.powerdns.com/powerdns-advisory-2008-02.html\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/12\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:powerdns:powerdns\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO); \n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"DNS\");\n\n script_dependencie(\"dns_server.nasl\", \"bind_version.nasl\");\n script_require_keys(\"DNS/udp/53\");\n exit(0);\n}\n\ninclude(\"dns_func.inc\");\ninclude(\"global_settings.inc\");\n\nbind_version = get_kb_item(\"bind/version\");\nif (paranoia_level < 2 && \"POWERDNS\" >!< bind_version) exit(0);\n# If version-string=powerdns, the answer is:\n# \"Served by PowerDNS - http://www.powerdns.com\"\n# If version-string=full, the answer is:\n# \"Served by POWERDNS 2.9.21.1 ...\"\n\n# http://www.iana.org/assignments/dns-parameters\ndns[\"transaction_id\"] = rand() & 0xffff;\ndns[\"flags\"]\t = 0x0010;\ndns[\"q\"]\t = 1;\npacket1 = mkdns(dns: dns, \n \t \tquery:mk_query(txt:mk_query_txt(\"test\", \"example\", \"com\"),\n\t\ttype: 1,\t# A\n\t\tclass: 1));\t# IN\n\ndns[\"transaction_id\"] = rand() & 0xffff;\ndns[\"flags\"]\t = 0x0010;\ndns[\"q\"]\t = 1;\npacket2 = mkdns(dns: dns, \n \t 
\tquery:mk_query(txt:mk_query_txt(\" test\", \"example\", \"com\"),\n\t\ttype: 1,\t# A\n\t\tclass: 1));\t# IN\n\nfunction check(packet, proto, socket)\n{\n local_var\tlen, len_hi, len_lo, req, r;\n\n if (proto == 'tcp')\n {\n len = strlen(packet);\n len_hi = len / 256;\n len_lo = len % 256;\n req = string(raw_string(len_hi, len_lo), packet);\n }\n else\n req = packet;\n send(socket: socket, data: req);\n r = recv(socket:socket, length: 512);\n return strlen(r) > 0;\t# Should we check that it is a valid DNS packet?\n}\n\nport = get_kb_item(\"Services/dns\"); \nif (port > 0 && get_port_state(port))\n{\n soc = open_sock_tcp(port);\n if(soc)\n {\n if ( check(packet: packet1, proto: 'tcp', socket: soc) &&\n ! check(packet: packet2, proto: 'tcp', socket: soc) )\n security_hole(port: port, proto: 'tcp');\n close(soc);\n exit(0);\n }\n}\n\nif (get_kb_item(\"DNS/udp/53\") && get_udp_port_state(53))\n{\n soc = open_sock_udp(53);\n if(soc)\n {\n if ( check(packet: packet1, proto: 'udp', socket: soc) &&\n ! check(packet: packet2, proto: 'udp', socket: soc) )\n security_hole(port: 53, proto: 'udp');\n close(soc);\n exit(0);\n }\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2021-08-19T13:09:53", "description": "This update of pdns offers better spoofing resistance by not ignoring invalid queries. 
(CVE-2008-3337)", "cvss3": {"score": null, "vector": null}, "published": "2008-08-14T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : pdns (pdns-5510)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3337"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:pdns", "p-cpe:/a:novell:opensuse:pdns-backend-ldap", "p-cpe:/a:novell:opensuse:pdns-backend-mysql", "p-cpe:/a:novell:opensuse:pdns-backend-postgresql", "p-cpe:/a:novell:opensuse:pdns-backend-sqlite2", "p-cpe:/a:novell:opensuse:pdns-backend-sqlite3", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_PDNS-5510.NASL", "href": "https://www.tenable.com/plugins/nessus/33887", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update pdns-5510.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33887);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3337\");\n\n script_name(english:\"openSUSE 10 Security Update : pdns (pdns-5510)\");\n script_summary(english:\"Check for the pdns-5510 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of pdns offers better spoofing resistance by not ignoring\ninvalid queries. 
(CVE-2008-3337)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pdns packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-backend-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-backend-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-backend-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-backend-sqlite2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-backend-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", 
\"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"pdns-2.9.20-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"pdns-backend-ldap-2.9.20-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"pdns-backend-mysql-2.9.20-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"pdns-backend-postgresql-2.9.20-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"pdns-backend-sqlite2-2.9.20-16\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"pdns-2.9.21-57.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"pdns-backend-ldap-2.9.21-57.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"pdns-backend-mysql-2.9.21-57.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"pdns-backend-postgresql-2.9.21-57.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"pdns-backend-sqlite2-2.9.21-57.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"pdns-backend-sqlite3-2.9.21-57.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdns-recursor\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:51", "description": "- Wed Aug 6 2008 Ruben Kerkhof <ruben at rubenkerkhof.com> 2.9.21.1-1\n\n - CVE-2008-3337\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-08-08T00:00:00", "type": "nessus", "title": "Fedora 9 : pdns-2.9.21.1-1.fc9 (2008-7048)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3337"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pdns", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-7048.NASL", "href": "https://www.tenable.com/plugins/nessus/33844", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-7048.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33844);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-3337\");\n script_bugtraq_id(30587);\n script_xref(name:\"FEDORA\", value:\"2008-7048\");\n\n script_name(english:\"Fedora 9 : pdns-2.9.21.1-1.fc9 (2008-7048)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Aug 6 2008 Ruben Kerkhof <ruben at rubenkerkhof.com>\n 2.9.21.1-1\n\n - CVE-2008-3337\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=458122\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-August/013358.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af5eb5ae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pdns package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pdns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"pdns-2.9.21.1-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdns\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:46", "description": "- Wed Aug 6 2008 Ruben Kerkhof <ruben at rubenkerkhof.com> 2.9.21.1-1\n\n - CVE-2008-3337\n\n - Sat Feb 9 2008 Ruben Kerkhof <ruben at rubenkerkhof.com> 2.9.21-4\n\n - GCC 4.3 fixes\n\n - Wed Dec 5 2007 Ruben Kerkhof <ruben at rubenkerkhof.com> 2.9.21-3\n\n - Rebuild to pick up new openldap\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2008-08-08T00:00:00", "type": "nessus", "title": "Fedora 8 : pdns-2.9.21.1-1.fc8 (2008-7083)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3337"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pdns", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-7083.NASL", "href": "https://www.tenable.com/plugins/nessus/33846", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-7083.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33846);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-3337\");\n script_bugtraq_id(30587);\n script_xref(name:\"FEDORA\", value:\"2008-7083\");\n\n script_name(english:\"Fedora 8 : pdns-2.9.21.1-1.fc8 (2008-7083)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Aug 6 2008 Ruben Kerkhof <ruben at rubenkerkhof.com>\n 2.9.21.1-1\n\n - CVE-2008-3337\n\n - Sat Feb 9 2008 Ruben Kerkhof <ruben at\n rubenkerkhof.com> 2.9.21-4\n\n - GCC 4.3 fixes\n\n - Wed Dec 5 2007 Ruben Kerkhof <ruben at\n rubenkerkhof.com> 2.9.21-3\n\n - Rebuild to pick up new openldap\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=458122\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-August/013389.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b11fda8c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pdns package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pdns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"pdns-2.9.21.1-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdns\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-08-19T13:07:15", "description": "This update of pdns offers better spoofing resistance by not ignoring invalid queries. 
(CVE-2008-3337)", "cvss3": {"score": null, "vector": null}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pdns (pdns-146)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3337"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:pdns", "p-cpe:/a:novell:opensuse:pdns-backend-ldap", "p-cpe:/a:novell:opensuse:pdns-backend-mysql", "p-cpe:/a:novell:opensuse:pdns-backend-postgresql", "p-cpe:/a:novell:opensuse:pdns-backend-sqlite2", "p-cpe:/a:novell:opensuse:pdns-backend-sqlite3", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_PDNS-080813.NASL", "href": "https://www.tenable.com/plugins/nessus/40102", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update pdns-146.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40102);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-3337\");\n\n script_name(english:\"openSUSE Security Update : pdns (pdns-146)\");\n script_summary(english:\"Check for the pdns-146 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of pdns offers better spoofing resistance by not ignoring\ninvalid queries. 
(CVE-2008-3337)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=415369\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected pdns packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-backend-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-backend-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-backend-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-backend-sqlite2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pdns-backend-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") 
audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pdns-2.9.21-143.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pdns-backend-ldap-2.9.21-143.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pdns-backend-mysql-2.9.21-143.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pdns-backend-postgresql-2.9.21-143.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pdns-backend-sqlite2-2.9.21-143.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pdns-backend-sqlite3-2.9.21-143.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdns-recursor\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-08-19T13:09:15", "description": "The remote host is affected by the vulnerability described in GLSA-200812-19 (PowerDNS: Multiple vulnerabilities)\n\n Daniel Drown reported an error when receiving a HINFO CH query (CVE-2008-5277). Brian J. Dowling of Simplicity Communications discovered a previously unknown security implication of the PowerDNS behavior to not respond to certain queries it considers malformed (CVE-2008-3337).\n Impact :\n\n A remote attacker could send specially crafted queries to cause a Denial of Service. The second vulnerability in itself does not pose a security risk to PowerDNS Nameserver. 
However, not answering a query for an invalid DNS record within a valid domain allows for a larger spoofing window on third-party nameservers for domains being hosted by PowerDNS Nameserver itself.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2008-12-21T00:00:00", "type": "nessus", "title": "GLSA-200812-19 : PowerDNS: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3337", "CVE-2008-5277"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:pdns", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200812-19.NASL", "href": "https://www.tenable.com/plugins/nessus/35244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200812-19.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35244);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-3337\", \"CVE-2008-5277\");\n script_bugtraq_id(30587);\n script_xref(name:\"GLSA\", value:\"200812-19\");\n\n script_name(english:\"GLSA-200812-19 : PowerDNS: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200812-19\n(PowerDNS: Multiple vulnerabilities)\n\n Daniel Drown reported an error when receiving a HINFO CH query\n (CVE-2008-5277). Brian J. Dowling of Simplicity Communications\n discovered a previously unknown security implication of the PowerDNS\n behavior to not respond to certain queries it considers malformed\n (CVE-2008-3337).\n \nImpact :\n\n A remote attacker could send specially crafted queries to cause a\n Denial of Service. The second vulnerability in itself does not pose a\n security risk to PowerDNS Nameserver. 
However, not answering a query\n for an invalid DNS record within a valid domain allows for a larger\n spoofing window on third-party nameservers for domains being hosted by\n PowerDNS Nameserver itself.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200812-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PowerDNS users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-dns/pdns-2.9.21.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(16, 20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pdns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif 
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-dns/pdns\", unaffected:make_list(\"ge 2.9.21.2\"), vulnerable:make_list(\"lt 2.9.21.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PowerDNS\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-06T05:14:47", "description": "\nBrian Dowling discovered that the PowerDNS authoritative name server\ndoes not respond to DNS queries which contain certain characters,\nincreasing the risk of successful DNS spoofing ([CVE-2008-3337](https://security-tracker.debian.org/tracker/CVE-2008-3337)). This\nupdate changes PowerDNS to respond with SERVFAIL responses instead.\n\n\nFor the stable distribution (etch), this problem has been fixed in version \n2.9.20-8+etch1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.9.21.1-1.\n\n\nWe recommend that you upgrade your pdns package.\n\n\n", "cvss3": {}, "published": "2008-08-10T00:00:00", "type": "osv", "title": "pdns - DNS spoofing", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3337"], "modified": "2022-07-06T01:47:20", "id": "OSV:DSA-1628-1", "href": "https://osv.dev/vulnerability/DSA-1628-1", "cvss": {"score": 
6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:28", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200812-19\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: PowerDNS: Multiple vulnerabilities\r\n Date: December 19, 2008\r\n Bugs: #234032, #247079\r\n ID: 200812-19\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nTwo vulnerabilities have been discovered in PowerDNS, possibly leading\r\nto a Denial of Service and easing cache poisoning attacks.\r\n\r\nBackground\r\n==========\r\n\r\nThe PowerDNS Nameserver is an authoritative-only nameserver which uses\r\na flexible backend architecture.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 net-dns/pdns < 2.9.21.2 >= 2.9.21.2\r\n\r\nDescription\r\n===========\r\n\r\nDaniel Drown reported an error when receiving a HINFO CH query\r\n(CVE-2008-5277). Brian J. Dowling of Simplicity Communications\r\ndiscovered a previously unknown security implication of the PowerDNS\r\nbehavior to not respond to certain queries it considers malformed\r\n(CVE-2008-3337).\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could send specially crafted queries to cause a\r\nDenial of Service. The second vulnerability in itself does not pose a\r\nsecurity risk to PowerDNS Nameserver. 
However, not answering a query\r\nfor an invalid DNS record within a valid domain allows for a larger\r\nspoofing window on third-party nameservers for domains being hosted by\r\nPowerDNS Nameserver itself.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll PowerDNS users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose \">=net-dns/pdns-2.9.21.2\"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-3337\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3337\r\n [ 2 ] CVE-2008-5277\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5277\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200812-19.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2008 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2008-12-22T00:00:00", "title": "[ GLSA 200812-19 ] PowerDNS: Multiple vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-3337", "CVE-2008-5277"], "modified": "2008-12-22T00:00:00", "id": "SECURITYVULNS:DOC:21063", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21063", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:10:06", "description": "DoS, non-standard reaction to invalid query increases chances for successful spoofing attack.", "edition": 2, "cvss3": {}, "published": "2008-12-22T00:00:00", "title": "PowerDNS multiple security DNS", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-3337", "CVE-2008-5277"], "modified": "2008-12-22T00:00:00", "id": "SECURITYVULNS:VULN:9535", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9535", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2022-01-17T19:14:48", "description": "### Background\n\nThe PowerDNS Nameserver is an authoritative-only nameserver which uses a flexible backend architecture. \n\n### Description\n\nDaniel Drown reported an error when receiving a HINFO CH query (CVE-2008-5277). Brian J. Dowling of Simplicity Communications discovered a previously unknown security implication of the PowerDNS behavior to not respond to certain queries it considers malformed (CVE-2008-3337). 
\n\n### Impact\n\nA remote attacker could send specially crafted queries to cause a Denial of Service. The second vulnerability in itself does not pose a security risk to PowerDNS Nameserver. However, not answering a query for an invalid DNS record within a valid domain allows for a larger spoofing window on third-party nameservers for domains being hosted by PowerDNS Nameserver itself. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PowerDNS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dns/pdns-2.9.21.2\"", "cvss3": {}, "published": "2008-12-19T00:00:00", "type": "gentoo", "title": "PowerDNS: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3337", "CVE-2008-5277"], "modified": "2008-12-19T00:00:00", "id": "GLSA-200812-19", "href": "https://security.gentoo.org/glsa/200812-19", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T06:01:35", "description": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.", "cvss3": {}, "published": "2008-08-08T19:41:00", "type": "debiancve", "title": "CVE-2008-3337", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1447", "CVE-2008-3217", "CVE-2008-3337"], "modified": "2008-08-08T19:41:00", "id": "DEBIANCVE:CVE-2008-3337", "href": "https://security-tracker.debian.org/tracker/CVE-2008-3337", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:31:41", "description": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.", "cvss3": {}, "published": "2008-08-08T19:41:00", "type": "cve", "title": "CVE-2008-3337", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1447", "CVE-2008-3217", "CVE-2008-3337"], "modified": "2017-08-08T01:31:00", "cpe": ["cpe:/a:powerdns:authoritative_server:2.9.21", "cpe:/a:powerdns:powerdns:*"], "id": "CVE-2008-3337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3337", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:powerdns:authoritative_server:2.9.21:*:*:*:*:*:*:*", 
"cpe:2.3:a:powerdns:powerdns:*:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2016-09-04T11:20:17", "description": "The openwsman project provides an implementation of the Web Service Management specification. The SuSE Security-Team has found two critical issues in the code: - two remote buffer overflows while decoding the HTTP basic authentication header (CVE-2008-2234) - a possible SSL session replay attack affecting the client (depending on the configuration) (CVE-2008-2233) Both issues were fixed.\n#### Solution\nPlease install the fixed package.", "cvss3": {}, "published": "2008-08-14T18:02:43", "type": "suse", "title": "remote code execution in openwsman", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2006-7232", "CVE-2008-1803", "CVE-2008-1447", "CVE-2008-3337", "CVE-2007-6389", "CVE-2008-1802", "CVE-2008-2233", "CVE-2008-1801", "CVE-2008-2079", "CVE-2008-2234"], "modified": "2008-08-14T18:02:43", "id": "SUSE-SA:2008:041", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00003.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}