Debian Security Advisory DSA 3763-1 (pdns-recursor - security update)

Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a...

DSA-3763-1 pdns-recursor - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3763-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PowerDNS Recursor Label Decompression DoS Vulnerability (2015-01)

PowerDNS Recursor is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PowerDNS Recursor Label Decompression DoS Vulnerability (2015-01) - Windows

PowerDNS Recursor is prone to a denial of service DoS vulnerability. Note: This VT has been deprecated as the product is not supported on Windows. It is therefore no longer functional. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, a...

The vulnerability of the PowerDNS Recursor software allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability in PowerDNS Recursor allows malicious actors to manipulate DNS data by using specially crafted zones...

The vulnerability of the PowerDNS Recursor software allows a malicious actor to compromise the integrity and accessibility of protected information.

The software PowerDNS Recursor is vulnerable due to the rewriting of cached server names and TTL values in NS records when processing “A” record queries. Exploiting this vulnerability allows a malicious actor to extend the validity of revoked domain names by using non-existent domain names...

The vulnerability of the PowerDNS Recursor software allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

Overfilling the buffer in the PowerDNS Recursor allows malicious actors operating remotely to cause service failures abrupt termination of the daemon or execute arbitrary code using specially crafted packages...

PowerDNS Recursor 3.x < 3.1.7.2 Multiple Vulnerabilities

According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.1.7.2. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow condition exists that allows a remote attacker, via crafted packets, to...

PowerDNS Recursor 3.x < 3.1.4 Multiple Vulnerabilities

According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.1.4. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow condition exists that allows a remote attacker, via a specially crafted TCP...

PowerDNS Recursor 3.x < 3.7.3 Label Decompression DoS

According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.7.3. It is, therefore, affected by a denial of service vulnerability due to improper validation of user-supplied input when handling self-referential names...

PowerDNS Recursor 3.x < 3.0.1 EDNS0 DoS

According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.0.1. It is, therefore, affected by a denial of service vulnerability due to improper processing of Extension Mechanisms for DNS EDNS0 packets. A remote attack...

PowerDNS Recursor 3.x < 3.6.2 Recursive Referral Handling DoS

According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.6.2. It is, therefore, affected by a denial of service vulnerability due to the lack of limiting delegation chaining. A remote attacker can exploit this...

PowerDNS Recursor and Authoritative Server Denial of Service Vulnerabilities

PowerDNS Recursor, Authoritative Server are both products of the Dutch company PowerDNS.PowerDNS Recursor is a domain name resolution server.PowerDNS Authoritative Server is a DNS server. A security vulnerability exists in the label decompression feature of PowerDNS Recursor and Authoritative...

DEBIAN-CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

CVE-2015-5470

The CVE-2015-5470 issue affects PowerDNS components: Recursor (before 3.6.4) and 3.7.x before 3.7.3, and Authoritative Server (before 3.3.3 and 3.4.x before 3.4.5). Root cause is the label decompression feature allowing a remote attacker to cause a denial of service by sending a request with a lo...

CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...

Mageia: Security Advisory (MGASA-2015-0301)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...