logo
DATABASE RESOURCES PRICING ABOUT US

PowerDNS Security Advisory 2010-01: PowerDNS Recursor up to and including 3.1.7.1 can be brought down and probably exploited

Description

PowerDNS Security Advisory 2010-01: PowerDNS Recursor up to and including 3.1.7.1 can be brought down and probably exploited Table 1-6. PowerDNS Security Advisory CVE CVE-2009-4009 Date 6th of January 2010 Affects PowerDNS Recursor 3.1.7.1 and earlier Not affected No versions of the PowerDNS Authoritative ('pdns_server') are affected. Severity Critical Impact Denial of Service, possible full system compromise Exploit Withheld Solution Upgrade to PowerDNS Recursor 3.1.7.2 or higher Workaround None. The risk of exploitation or denial of service can be decreased slightly by using the 'allow-from' setting to only provide service to known users. The risk of a full system compromise can be reduced by running with a suitable reduced privilege user and group settings, and possibly chroot environment. Using specially crafted packets, it is possible to force a buffer overflow in the PowerDNS Recursor, leading to a crash. This vulnerability was discovered by a third party that (for now) prefers not to be named. PowerDNS is very grateful however for their help in improving PowerDNS security.


Related