PT-2018-9885 · Powerdns+4 · Powerdns Authoritative+5

Adam Mariš

Publicado

2018-05-23

Atualizado

2025-01-14

CVE-2018-1046

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: PowerDNS Authoritative versions prior to 4.1.2

Description: The issue is related to a buffer overflow in the dnsreplay tool. When the -ecs-stamp option of dnsreplay is used to replay a specially crafted PCAP file, it can trigger a stack-based buffer overflow. This leads to a crash and potentially allows for arbitrary code execution.

Recommendations: For versions prior to 4.1.2, update to version 4.1.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -ecs-stamp option in dnsreplay until the update is applied.

Correção

Stack Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-787

Identificadores relacionados

ALT-PU-2020-1325

ALT-PU-2020-1407

CVE-2018-1046

MGASA-2018-0255

OPENSUSE-SU-2018:1462-1

OPENSUSE-SU-2018_1384-1

OPENSUSE-SU-2018_1442-1

OPENSUSE-SU-2024:11156-1

SUSE-SU-2018:1660-1

USN-7203-1

Produtos afetados

Alt Linux

Linuxmint

Powerdns Authoritative

Powerdns Authoritative Server

Suse

Ubuntu

PT-2018-9885 · Powerdns+4 · Powerdns Authoritative+5

CVE-2018-1046

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 64