PT-2015-6930 · Powerdns+1 · Powerdns Recursor+2

Toshifumi Sakaguchi

Publicado

2015-07-09

Atualizado

2017-04-04

CVE-2015-5470

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions PowerDNS Recursor versions prior to 3.6.4 PowerDNS Recursor versions 3.7.x prior to 3.7.3 PowerDNS Authoritative Server versions prior to 3.3.3 PowerDNS Authoritative Server versions 3.4.x prior to 3.4.5

Description The issue allows remote attackers to cause a denial of service, resulting in CPU consumption or a crash, via a request with a long name that refers to itself. This problem exists due to an incomplete fix for a previous issue.

Recommendations For PowerDNS Recursor versions prior to 3.6.4, update to version 3.6.4 or later. For PowerDNS Recursor versions 3.7.x prior to 3.7.3, update to version 3.7.3 or later. For PowerDNS Authoritative Server versions prior to 3.3.3, update to version 3.3.3 or later. For PowerDNS Authoritative Server versions 3.4.x prior to 3.4.5, update to version 3.4.5 or later.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

ALT-PU-2017-1425

CVE-2015-5470

DSA-3306-1

DSA-3307-1

MGASA-2015-0301

Produtos afetados

Alt Linux

Powerdns Authoritative Server

Powerdns Recursor

PT-2015-6930 · Powerdns+1 · Powerdns Recursor+2

CVE-2015-5470

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 37