PT-2018-4978 · Powerdns+1 · Powerdns Authoritative Server+1

Mongo

Published

2017-01-13

Updated

2024-06-15

CVE-2016-7072

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions PowerDNS Authoritative Server versions prior to 3.4.11 PowerDNS Authoritative Server versions prior to 4.0.2

Description A remote, unauthenticated attacker can cause a denial of service by opening a large number of TCP connections to the web server, potentially triggering an exception and terminating the PowerDNS process if the web server runs out of file descriptors.

Recommendations For PowerDNS Authoritative Server versions prior to 3.4.11, update to version 3.4.11 or later. For PowerDNS Authoritative Server versions prior to 4.0.2, update to version 4.0.2 or later.

Fix

DoS

RCE

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-400

Related Identifiers

ALT-PU-2017-1425

CVE-2016-7072

DLA-798-1

DSA-3764-1

MGASA-2017-0033

OPENSUSE-SU-2024:11156-1

Affected Products

Alt Linux

Powerdns Authoritative Server

PT-2018-4978 · Powerdns+1 · Powerdns Authoritative Server+1

CVE-2016-7072

Weakness Enumeration

Related Identifiers

Affected Products

References · 47