6 matches found
PT-2020-15810 · Powerdns +1 · Powerdns Authoritative +2
Name of the Vulnerable Software and Affected Versions: PowerDNS Authoritative versions prior to 4.3.0 Description: A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature when th...
PowerDNS Security Advisory 2016-04: Insufficient validation of TSIG signatures
Two issues have been found in PowerDNS Authoritative Server allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a...
CVE-2016-7074
CVE-2016-7074 affects PowerDNS (authoritative server and recursor): insufficient TSIG validation allows MITM to alter AXFR content due to missing check that the TSIG record is last, enabling parsing of records outside the TSIG scope. Affected: PowerDNS versions before 3.4.11/4.0.2 and recursor be...
FreeBSD : powerdns -- multiple vulnerabilities (e3200958-dd6c-11e6-ae1b-002590263bf5)
PowerDNS reports : 2016-02: Crafted queries can cause abnormal CPU usage 2016-03: Denial of service via the web server 2016-04: Insufficient validation of TSIG signatures 2016-05: Crafted zone record can cause a denial of service %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...
Debian Security Advisory DSA 3764-1 (pdns - security update)
Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2120 Mathieu Lafon discovered that pdns does not properly validate records in zones. An authorized user can take advanta...
powerdns -- multiple vulnerabilities
PowerDNS reports: 2016-02: Crafted queries can cause abnormal CPU usage 2016-03: Denial of service via the web server 2016-04: Insufficient validation of TSIG signatures 2016-05: Crafted zone record can cause a denial of service...