ID CVE-2006-4251
Summary Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length.
References
Vulnerable Configurations
  • cpe:2.3:a:powerdns:recursor:2.0_rc1
  • cpe:2.3:a:powerdns:recursor:2.8
  • cpe:2.3:a:powerdns:recursor:2.9.15
  • cpe:2.3:a:powerdns:recursor:2.9.16
  • cpe:2.3:a:powerdns:recursor:2.9.17
  • cpe:2.3:a:powerdns:recursor:2.9.18
  • PowerDNS Recursor 3.0
    cpe:2.3:a:powerdns:recursor:3.0
  • PowerDNS Recursor 3.0.1
    cpe:2.3:a:powerdns:recursor:3.0.1
  • cpe:2.3:a:powerdns:recursor:3.1
  • PowerDNS Recursor 3.1.1
    cpe:2.3:a:powerdns:recursor:3.1.1
  • PowerDNS Recursor 3.1.2
    cpe:2.3:a:powerdns:recursor:3.1.2
  • PowerDNS Recursor 3.1.3
    cpe:2.3:a:powerdns:recursor:3.1.3
CVSS
Base: 7.5 (as of 14-11-2006 - 14:40)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family DNS
    NASL id POWERDNS_RECURSOR_3_1_4.NASL
    description According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.1.4. It is, therefore, affected by multiple vulnerabilities:
      - A buffer overflow condition exists that allows a remote attacker, via a specially crafted TCP DNS query, to prevent the Recursor from properly calculating the TCP DNS query length, resulting in a denial of service condition. (CVE-2006-4251)
      - A denial of service vulnerability exists that allows a remote attacker, via a CNAME record with a zero TTL, to cause a resource exhaustion, resulting in an application crash. (CVE-2006-4252)
      Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number. Also, Nessus has not checked for the presence of the patches or a workaround.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 87949
    published 2016-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87949
    title PowerDNS Recursor 3.x < 3.1.4 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1211.NASL
    description It was discovered that malformed TCP packets may lead to denial of service and possibly the execution of arbitrary code if the PowerDNS nameserver acts as a recursive nameserver.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 23660
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23660
    title Debian DSA-1211-1 : pdns - buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PDNS-2275.NASL
    description Two security problems that have been found in PowerDNS are fixed by this update:
      - CVE-2006-4251: The PowerDNS Recursor can be made to crash by sending malformed questions to it over TCP potentially executing code.
      - CVE-2006-4252: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space, and crash.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27386
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27386
    title openSUSE 10 Security Update : pdns (pdns-2275)
refmap via4
bid 21037
confirm http://doc.powerdns.com/powerdns-advisory-2006-01.html
debian DSA-1211
secunia
  • 22824
  • 22903
  • 22976
suse SUSE-SA:2006:070
vupen ADV-2006-4484
xf powerdns-dns-bo(30270)
Last major update 07-03-2011 - 21:40
Published 14-11-2006 - 14:07
Last modified 19-07-2017 - 21:32