Published: 02/11/2015 Updated: 04/11/2015

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The label decompression functionality in PowerDNS Recursor prior to 3.6.4 and 3.7.x prior to 3.7.3 and Authoritative (Auth) Server prior to 3.3.3 and 3.4.x prior to 3.4.5 allows remote malicious users to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns authoritative
powerdns authoritative 3.4.1
powerdns authoritative 3.4.2
powerdns authoritative 3.4.3
powerdns authoritative 3.4.4
powerdns authoritative 3.4.0
powerdns recursor
powerdns recursor 3.7.2
powerdns recursor 3.7.1

Toshifumi Sakaguchi discovered that the patch applied to pdns, an authoritative DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash) For the stable distribution (jessie), this problem has been fixed in version 341-4+deb8u2 ...

Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor, a recursive DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash) For the stable distribution (jessie), this problem has been fixed in version 362-2+de ...

CWE-399 http://www.openwall.com/lists/oss-security/2015/07/10/8 http://www.openwall.com/lists/oss-security/2015/07/07/6 https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/https://nvd.nist.gov https://www.debian.org/security/./dsa-3306

CVE-2015-5470

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect