PT-2019-3471 · Powerdns+2 · Powerdns Authoritative Server+2

George Asenov

Publicado

2019-01-21

Atualizado

2024-06-15

CVE-2019-10163

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions PowerDNS Authoritative Server versions prior to 4.1.9 PowerDNS Authoritative Server versions prior to 4.0.8

Description The issue is related to an uncontrolled resource consumption in the PowerDNS server. It can be exploited by a remote attacker to cause a denial of service by sending a large number of notifications, potentially leading to a high CPU load or preventing further updates to any slave zone. Only servers configured as slaves are affected by this issue.

Recommendations For PowerDNS Authoritative Server versions prior to 4.1.9, update to version 4.1.9 or later to resolve the issue. For PowerDNS Authoritative Server versions prior to 4.0.8, update to version 4.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the NOTIFY messages to minimize the risk of exploitation.

Correção

Allocation of Resources Without Limits

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770CWE-400

Identificadores relacionados

ALT-PU-2020-1325

ALT-PU-2020-1407

BDU:2019-03645

CVE-2019-10163

DLA-1843-1

DSA-4470-1

MGASA-2020-0375

OPENSUSE-SU-2019:1904-1

OPENSUSE-SU-2019:1921-1

OPENSUSE-SU-2019_1904-1

OPENSUSE-SU-2024:11156-1

Produtos afetados

Alt Linux

Powerdns Authoritative Server

Suse

PT-2019-3471 · Powerdns+2 · Powerdns Authoritative Server+2

CVE-2019-10163

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 74