[arch-security] [ASA-201609-9] powerdns: denial of service
rgacogne at archlinux.org
Tue Sep 13 20:42:28 UTC 2016
Arch Linux Security Advisory ASA-201609-9
Date : 2016-09-13
CVE-ID : CVE-2016-5426 CVE-2016-5427
Package : powerdns
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package powerdns before version 4.0.1-3 is vulnerable to denial of
Upgrade to 4.0.1-3.
# pacman -Syu "powerdns>=4.0.1-3"
The problems have been fixed upstream in version 4.0.0.
Running dnsdist in front of potentially affected servers prevents
CVE-2016-5426, and can prevent CVE-2016-5427 with the use of custom
rules described in the PowerDNS advisory.
Two issues have been found in PowerDNS Authoritative Server allowing a
remote, unauthenticated attacker to cause an abnormal load on the
PowerDNS backend by sending crafted DNS queries, which might result in a
partial denial of service if the backend becomes overloaded. SQL
backends for example are particularly vulnerable to this kind of
unexpected load if they have not been dimensioned for it.
PowerDNS Authoritative Server accepts queries with a qname's length
larger than 255 bytes.
PowerDNS Authoritative Server does not properly handle a dot inside labels.
A remote, unauthenticated attacker can cause an abnormal load on the
backend by sending crafted DNS queries, resulting in denial of service.
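The two query shapes described above, as an added defender-side pre-check (example code, not PowerDNS or dnsdist code): it parses the question name of a DNS query in wire format and flags a name whose encoded length exceeds 255 bytes or a label that contains a literal dot byte. The query builder and the sample names are constructed for this demonstration, not captured traffic.

```python
"""Pre-filter for the two query classes in the advisory (added example,
not PowerDNS or dnsdist code): an oversized qname and a dot inside a label."""
import struct

MAX_NAME_WIRE_LEN = 255  # RFC 1035 limit on an encoded name, root label included
MAX_LABEL_LEN = 63       # any length byte above this is a pointer or reserved


def encode_name(labels):
    """Encode raw label byte strings without validation, so bad names can be built."""
    return b"".join(bytes([len(lbl)]) + lbl for lbl in labels) + b"\x00"


def build_query(labels, qtype=1, qclass=1, qid=0x1234):
    """Constructed single-question DNS query (header + QNAME + QTYPE + QCLASS)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(labels) + struct.pack(">HH", qtype, qclass)


def parse_qname(msg):
    """Return (labels, wire_length) of the first question name, or raise ValueError."""
    pos, labels = 12, []  # question section starts right after the 12-byte header
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        if n > MAX_LABEL_LEN:
            raise ValueError("compression pointer or reserved length in question name")
        pos += 1
        if n == 0:
            break
        if pos + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + n])
        pos += n
    return labels, pos - 12


def check_query(msg):
    """Return None if the question name is acceptable, else a short reason string."""
    try:
        labels, wire_len = parse_qname(msg)
    except ValueError as exc:
        return str(exc)
    if wire_len > MAX_NAME_WIRE_LEN:
        return f"qname wire length {wire_len} exceeds {MAX_NAME_WIRE_LEN}"
    if any(b"." in lbl for lbl in labels):
        return "literal dot inside a label"
    return None
```

A query that returns a reason can be dropped or answered with REFUSED before it reaches the backend, which is the effect the dnsdist workaround aims for.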