PT-2019-3470 · Powerdns+2 · Powerdns Authoritative Server+2

Gert Van Dijk

Published

2019-01-21

Updated

2024-06-15

CVE-2019-10162

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions PowerDNS Authoritative Server versions prior to 4.1.10 PowerDNS Authoritative Server versions prior to 4.0.8

Description The issue is related to a lack of authorization mechanism in the PowerDNS DNS server's syntax analysis function. This can be exploited by a remote attacker to cause a denial of service when the server looks up NS/A/AAAA records. The problem occurs because the Authoritative Server exits when it encounters a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

Recommendations For PowerDNS Authoritative Server versions prior to 4.1.10, update to version 4.1.10 or later to resolve the issue. For PowerDNS Authoritative Server versions prior to 4.0.8, update to version 4.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the MASTER type zone to minimize the risk of exploitation.

Fix

Improper Authorization

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-400

Related Identifiers

ALT-PU-2020-1325

ALT-PU-2020-1407

BDU:2019-03644

CVE-2019-10162

DLA-1843-1

DSA-4470-1

MGASA-2020-0375

OPENSUSE-SU-2019:1904-1

OPENSUSE-SU-2019:1921-1

OPENSUSE-SU-2019_1904-1

OPENSUSE-SU-2024:11156-1

Affected Products

Alt Linux

Powerdns Authoritative Server

Suse

PT-2019-3470 · Powerdns+2 · Powerdns Authoritative Server+2

CVE-2019-10162

Weakness Enumeration

Related Identifiers

Affected Products

References · 73