Published: 10/09/2018 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue has been found in PowerDNS Authoritative Server prior to 3.4.11 and 4.0.2 allowing a remote, unauthenticated malicious user to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized malicious user to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns authoritative
debian debian linux 8.0

Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2120 Mathieu Lafon discovered that pdns does not properly validate records in zones An authorized user can take advantage of this flaw to crash server by inser ...

An issue has been found in PowerDNS Authoritative Server allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process While it's more complicated for an unaut ...

CWE-400 https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072 https://www.debian.org/security/2017/dsa-3764 https://www.debian.org/security/./dsa-3764 https://nvd.nist.gov

CVE-2016-7072

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect