17 matches found
K16866: PowerDNS vulnerabilities CVE-2014-8601 and CVE-2015-1868
Security Advisory Description CVE-2014-8601 PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service "performance degradations" via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it...
PowerDNS Recursor Label Decompression DoS Vulnerability (2015-01)
PowerDNS Recursor is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PowerDNS Authoritative Server 3.x < 3.4.5 Label Decompression Self-Referential Name Handling DoS
According to its self-reported version number, the version of the PowerDNS Authoritative Server listening on the remote host is version 3.x prior to 3.4.5. It is, therefore, affected by a denial of service vulnerability due to improper validation of user-supplied input when handling...
PowerDNS Recursor and Authoritative Server Denial of Service Vulnerabilities
PowerDNS Recursor, Authoritative Server are both products of the Dutch company PowerDNS.PowerDNS Recursor is a domain name resolution server.PowerDNS Authoritative Server is a DNS server. A security vulnerability exists in the label decompression feature of PowerDNS Recursor and Authoritative...
CVE-2015-5470
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...
CVE-2015-5470
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...
CVE-2015-5470
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative Auth Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a long name that refers to itself. NOTE...
PowerDNS Nameserver Label Decompression Denial of Service (CVE-2015-1868)
A denial of service vulnerability exists in PowerDNS. The vulnerability is due to a design weakness in PowerDNS label decompression code causing excessive looping. A remote attacker can exploit these vulnerabilities by sending a request to a vulnerable server to consume CPU resource...
CVE-2015-1868
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative Auth Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a name that...
DEBIAN-CVE-2015-1868
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative Auth Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a name that...
Design/Logic Flaw
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative Auth Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a name that...
CVE-2015-1868
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative Auth Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a name that...
CVE-2015-1868
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative Auth Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service CPU consumption or crash via a request with a name that...
Updated pdns & pdns-recursor packages fix CVE-2015-1868
Updated pdns and pdns-recursor packages fix security vulnerability: A bug was discovered in the label decompression code in PowerDNS and PowerDNS Recursor, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to...
powerdns-recursor: denial of service
A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. This loop is capped at a 1000 iterations by a failsafe, making the issue harmless on most platforms. However, on specific platforms, the recursion...
powerdns: denial of service
A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. This loop is capped at a 1000 iterations by a failsafe, making the issue harmless on most platforms. However, on specific platforms, the recursion...
powerdns -- Label decompression bug can cause crashes or CPU spikes
The PowerDNS project reports: A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause...